The Joker malware has once again succeeded in thwarting the security of the Play Store. This time he hid in a fun and harmless SMS personalization app.
Impossible to get rid of it! The Joker virus that has been calling itself for nearly four years was discovered in the Google Play Store again last week. He is a specialist in cyber security who you know in a the name of the thing colorful message. This application that is designed to make exchanges With her set of emojis, it was deleted a few days before Play . The problem was that it had time to download more than 500,000 times. Radio, who made it his” “,” states that Came to connect to the Russian servers.
With such an app, Joker had a perfect container. To use it, you had to give it permissions to access contacts and message content, as well as to manage . What facilitates data collection to feed campaigns , for example. These are the same campaigns that allow us to retrieve IDs and why not get the double factor protection code received by exactly.
Likewise, controlling a messaging app can allow a user to subscribe to paid services without their knowledge. via short message. yes the The Joker keeps coming back to the Google Gallery, and it’s very hard to spot due to its small size. This summer, the Joker is already found in eight apps for Android. The lesser evil because it was previously present in hundreds of applications. Again, despite Google’s advances in Its Play Store security, it is better not to think outside the box and choose trusted apps that are known.
Android: Joker virus is back and affecting 17 popular apps
For three years, this virus has regularly infected apps on the Play Store. The principle remains the same: spy on your personal data and then sign up for paid services. Below is a list of 17 infected apps that you should uninstall urgently.
Article by Fabrice Auclert, published on 01/06/2021
They are researchers from the ThreatLabz team, from the cloud security company Which identified the 17 infected apps, and as every time, the virus is hiding in a component of the seemingly common and harmless application. Then the Joker proceeds through several stages. First, as a It is executed the first time the application is launched. So it loads in the background, and then takes the opportunity to start downloading a more malicious component.
Do not give access to your SMS or directory
From there, always in the background and without being detectable, the spy phase begins: contact lists, username, and It has been hacked…and the worst is yet to come because the malware is then capable of subscribing the user to paid services! So it is necessary to monitor closely Who have access to SMS and contact lists, especially not to give them access!
Android: Watch out for this virus that subscribes to paid services
As of 2017, Joker malware has infected Android apps, and 11 of them have continued to trick users into subscribing to paid services. This new variable bypasses Google’s validation and security steps.
Posted on 10/07/2020 by Fabrice Auclert
The cat and mouse game between pirates and . continues Since the company I discovered new traces of Joker, a malware that was identified in 2017, and is believed to have been eradicated. his specialty? Hide in classic and popular applications to activate payment for “in-app” services, such as paid options. All without the user’s knowledge.
This Thursday, security experts from Check Point discovered its presence in eleven applications, amassing 500,000 downloads. Obviously, the most disturbing thing is that these eleven apps are available from . This Joker variant has found a new way to play Trojans to hide in apps, thus embedding itself in . the It is hidden in the manifest file that every developer must integrate into their application, and it is placed in the root of the application folder. It contains information about the author, logo, version, etc.
Malware disappears during the validation phase
In this file the Joker puts malicious code there, but it is encoded in base 64, and therefore unrecognizable. While Google is scanning the file for For validation, the code is inactive. Once validation is enabled and security checks are passed, the hacker server runs the command hidden in this code and Thus it can be active.
Google alert immediately However, it is clearly recommended to uninstall them. These are ImageCompress, WithMe Texts, FriendSMS, Relaxation Relaxation, Cherry Messages, LovingLove, RecoveFiles, RemindMe Alarm, and Training Memory Game. It is also advisable to take a look at your bank account and check that there are no fraudulent withdrawals.
“Incurable web evangelist. Hipster-friendly gamer. Award-winning entrepreneur. Falls down a lot.”