Last year, Google Play Store removed 17 mobile applications after being identified to be infected with the Joker malware. If a user installs one of the 17 infected apps, the Joker malware will begin to spy and steal the user’s data stored on the device. It will duplicate SMS text messages, contact lists, and more.
However, this year, it seemed that the Joker malware has resurfaced to commit the same tactics in stealing personal data from its victims.
The issued warning was placed by the Belgian Police regarding the Joker malware’s reoccurrence in the hacking scene. It is reported to again attack Android devices after detection has come up that it is being carried by eight new apps in the Google Play Store. Although these 8 apps have already been removed, at least 16 apps on the Google Play Store contain the virus.
The initial practice of the Joker virus is through SMS text messages; however, it also began to target the Wireless Application Protocol (WAP) payment systems. The process includes exploiting the vendor’s interaction with phone operators, which allows the payment of the services related to mobile billing. It will then require verification from the device being used and not from the users. Therefore, the threat actors can conduct payments without the need for user interaction.
More information about the Joker Malware
The Joker malware primarily resides under the Bread malware group. It aims to attack mobile billing processes and illegal authorization of operations without the victim’s awareness. Moreover, it can also access SMS and contact lists after infecting the device. It can as well subscribe its victims to paid services which makes it mostly more unsafe.
The Joker malware threat actors proved to be dynamic and innovative because of being able to evade the security defences of the Google Play Store once again. Additionally, the virus is embedded in the Google Play Store and uploaded on other third-party app stores. This is to evade being eyed on coming from their operations with official app stores. Users are advised to download their applications only from trusted official app stores and not from suspicious third-party downloaders to avoid hacking risks.