e-Why, What & How · 2020-08-04

What is the Joker malware?


Joker malware
Image credit: Jack Moreh

In case you didn’t know, the ‘Joker’ malware made headlines after infecting many Android devices globally. Joker is the name given to a type of billing fraud malware that steals Android users’ personal information & then signs them up for subscription services without their knowledge. In 2019, 24 apps were found harbouring this malicious software & were rooted out of the Google Play Store.

Originally hidden in the advert framework of a seemingly legitimate app, the malware works in the background to access users’ SMS messages, contact list & device information. The purpose is to steal funds via unauthorized subscription services, & to hide the subscription by suppressing the users’ notifications, so that they would remain unaware unless they checked their account.

The list of apps first discovered by Google can be viewed here. However, that’s, sadly, not the end of this sordid story. Last month a host of apps were found to be hiding Joker malware & were removed, once again, from the Google Play Store.

Here’s a list of the infected apps:

  • Compress Image (com.imagecompress.android)
  • Contact Message (com.contact.withme.texts)
  • Friend SMS (com.hmvoice.friendsms)
  • Relaxation Message (com.relax.relaxation.androidsms)
  • Cheery Message – listed two times (com.cheery.message.sendsms)
  • Loving Message (com.peason.lovinglovemessage)
  • File Recovery (com.file.recovefiles)
  • App Locker (com.LPlocker.lockapps)
  • Remind Alarm (com.remindme.alram)
  • Memory Game (com.training.memorygame)

Researchers from Check Point have detailed the methods deployed by the criminals behind the Joker scam to circumvent Google’s security vetting. These include a rather unsophisticated technique that was commonly used by malware targeting Windows PCs in the not too distant past & relies on a lightly obfuscated (Base64 encoded) “string” that relays an HTTP message to remote servers from the users’ device after download. This enables the software to sign the user up for paid subscription services, which are deducted without authorization or, in fact, the users’ overt knowledge.

When you consider that as many as 500,000 Android users installed the infected apps, you’ll understand not only the enormous scale of the fraud perpetrated, but also why the players behind Joker are so determined to continue to outwit Google’s security measures.

Google has attempted to up its game on the security front recently by restricting which apps can access users’ SMS messages & by introducing Google Play Protect. However, it’s rather strange that the latest method employed by Joker ever managed to gain Google’s approval, because Base64 encoding is easy to decode, & any unnecessary malicious string should, therefore, have been easy to spot.
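To show how little effort it takes to surface a Base64-hidden endpoint of the kind described above, here is an added example (not from the article or from Check Point's research) of a static check a reviewer could run over the strings extracted from an app package. The sample input, the `example.invalid` URL and all function names are constructed for this illustration.

```python
import base64
import binascii
import re
from typing import List, Optional, Tuple

# Runs of Base64 alphabet characters long enough to hide a URL, with optional padding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

# Decoded text containing any of these looks like a network endpoint or request fragment.
NETWORK_HINTS = ("http://", "https://", "Host:", "GET /", "POST /")


def decode_candidate(token: str) -> Optional[str]:
    """Return decoded text if token is valid Base64 yielding printable ASCII, else None."""
    padded = token + "=" * (-len(token) % 4)  # tolerate stripped padding
    try:
        raw = base64.b64decode(padded, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None  # ordinary identifiers and binary blobs end up here
    if not all(ch.isprintable() or ch in "\r\n\t" for ch in text):
        return None
    return text


def find_hidden_endpoints(strings_dump: str) -> List[Tuple[str, str]]:
    """Scan a strings dump for Base64 tokens that decode to URLs or HTTP fragments."""
    hits = []
    for match in B64_TOKEN.finditer(strings_dump):
        decoded = decode_candidate(match.group(0))
        if decoded and any(hint in decoded for hint in NETWORK_HINTS):
            hits.append((match.group(0), decoded))
    return hits


# Constructed sample, standing in for the output of `strings` over an app's code.
HIDDEN_URL = "https://example.invalid/api/sub"          # placeholder, not a real server
HIDDEN_URL_B64 = base64.b64encode(HIDDEN_URL.encode()).decode()
SAMPLE_STRINGS = "\n".join([
    "Lcom/example/app/MainActivity;",                     # ordinary class reference
    "AndroidManifestPermissionReadSms",                   # long identifier, decodes to junk
    "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJ",       # embedded PNG header (binary)
    HIDDEN_URL_B64,                                       # the obfuscated endpoint
])

if __name__ == "__main__":
    for token, decoded in find_hidden_endpoints(SAMPLE_STRINGS):
        print(f"{token} -> {decoded}")
```

Only the obfuscated endpoint is reported; plain identifiers and binary blobs that happen to look like Base64 are discarded because they do not decode to printable text.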

In conclusion: The lesson to take away from this is that it’s a good idea to install a well-known anti-virus app on your device & always take care not to give apps more permissions than they need when it comes to your personal information & device controls. Also, it’s not a bad idea to do a bit of research into an app before installing it.
