Joker malware that signs victims up to premium subscription services found in 24 Play Store apps
What just happened? Stop me if you’ve heard this one before: several malware-loaded apps have been found on Google’s official Play Store. Dubbed “Joker,” the malicious software has been detected in 24 apps that have over 472,000 downloads.
CSIS Security Group analyst Aleksejs Kuprins made the discovery, which he wrote about in a Medium post. Joker surreptitiously signs its victims up to premium subscription services by simulating the sign-up process. It also steals SMS messages, contact lists, and device information.
Kuprins explains that “the automated interaction with the advertisement websites includes simulation of clicks and entering of the authorization codes for premium service subscriptions.”
“This strategy works by automating the necessary interaction with the premium offer’s webpage, entering the operator’s offer code, then waiting for a SMS message with a confirmation code and extracting it using regular expressions. Finally, the Joker submits the extracted code to the offer’s webpage, in order to authorize the premium subscription.”
The malware potentially targets users in 37 countries, including the US and UK. For most of the apps, the victim has to be using a SIM card from one of the countries to receive the second-stage payload.
Google has now removed all of the infected apps from its store; you can see the full list below. If you were one of the nearly half a million people to download any of them, checking your bank or credit card statement for any suspicious transactions is advised.
Malware-riddled apps on the Play Store are far from a new phenomenon. Last month, CamScanner, a PDF maker with over 100 million downloads, was discovered to contain a Trojan Dropper.