Check Point researchers have found 11 dangerous applications that hide the Joker malware, which can steal money and user data.
Joker is one of the most widespread malware families on Android smartphones. It first appeared in 2017, and since then it has continued to change, finding new ways to circumvent the Play Store’s protections. Check Point Technologies has now tracked the malware in 11 Android apps.
Joker is a virus capable of doing many dangerous things. First of all, it is spyware: it steals personal information, reads messages, and accesses the contact list. It can also send SMS messages without the user noticing.
Google explained the difficulties it encountered in preventing the publication of Joker-infected apps by stating that this virus “uses practically every known cloaking technique, to hide in an attempt to go unnoticed.” One example is initially distributing a clean app and then updating it with one that contains the virus.
Android Manifest: Where the Joker hides
All apps, even clean and legitimate ones, have a file called “Android Manifest,” in which the developer must provide the Play Store with precise information about the app, such as its name, icon, required permissions, and purpose. Joker has exploited this file. Its strategy is therefore not based on connecting to an external server to download the dangerous code, but on placing the code directly in the Android Manifest and waiting several days after the app is installed before starting its activities.
As noted above, Joker belongs to the spyware family and was created to steal users' personal data and spy on everything they do with their smartphones. It is a sneaky and very dangerous virus, and it has now evolved. In the latest version discovered by Check Point researchers, it can also activate premium subscriptions to services and applications on its own, without the user being able to do anything.
The apps discovered by Check Point Technologies are 11 in total and have all been reported to Google, which removed them from the Play Store.
Some of these apps are still available on stores other than the Google Play Store, and some are present again on the Play Store itself. It is not certain, however, that these apps are still infected (the infected ones have been removed). Here is the list:
- com.imagecompress.android
- com.contact.withme.texts
- com.hmvoice.friendsms
- com.relax.relaxation.androidsms
- com.cheery.message.sendsms
- com.cheery.message.sendsms
- com.peason.lovinglovemessage
- com.file.recovefiles
- com.LPlocker.lockapps
- com.remindme.alram
- com.training.memorygame
Check Point researchers also provide helpful advice on how to defend against Joker. First of all, uninstall any of the 11 dangerous apps if you have them installed. Then check your credit card statement for payments for applications that you do not recognize. Finally, install an Android antivirus; there are many on the Play Store, some of them free.
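For anyone checking more than one phone, the first piece of advice can be scripted. The following is an added example, not code from Check Point or from the original article: it matches the output of `adb shell pm list packages` against the list above and, as a heuristic, flags other apps whose `adb shell dumpsys package <pkg>` output requests the permissions matching the behaviours described (sending SMS plus reading messages or contacts). The permission mapping, the sample output and the package `com.example.wallpapers` are assumptions constructed for illustration.

```python
# Package names from the article's list (the repeated entry collapses in a set).
LISTED = {
    "com.imagecompress.android", "com.contact.withme.texts",
    "com.hmvoice.friendsms", "com.relax.relaxation.androidsms",
    "com.cheery.message.sendsms", "com.peason.lovinglovemessage",
    "com.file.recovefiles", "com.LPlocker.lockapps",
    "com.remindme.alram", "com.training.memorygame",
}
# Assumption: Android permissions that map to the behaviours the article describes.
SMS_SEND = "android.permission.SEND_SMS"
DATA_READ = {"android.permission.READ_SMS", "android.permission.READ_CONTACTS"}

def parse_pm_list(text):
    """Package names from `adb shell pm list packages` ('package:<name>' lines)."""
    return {l.split(":", 1)[1].strip() for l in text.splitlines()
            if l.startswith("package:")}

def requested_permissions(dumpsys_text):
    """Names under 'requested permissions:' in `adb shell dumpsys package <pkg>`."""
    perms, inside = set(), False
    for line in dumpsys_text.splitlines():
        s = line.strip()
        if s == "requested permissions:":
            inside = True
        elif inside and (not s or s.endswith(":")):
            break  # a blank line or the next section header ends the block
        elif inside:
            perms.add(s.split(":", 1)[0])  # drop suffixes like ': restricted=true'
    return perms

def triage(installed, perms_by_pkg):
    """Return {package: reason}. 'listed' is a name match only, 'review' a heuristic."""
    findings = {}
    for pkg in sorted(installed):
        perms = perms_by_pkg.get(pkg, set())
        if pkg in LISTED:
            findings[pkg] = "listed"      # name match; does not prove infection
        elif SMS_SEND in perms and perms & DATA_READ:
            findings[pkg] = "review"      # legitimate SMS apps also match this
    return findings

# Constructed sample input, not captured from a real device.
SAMPLE_PM = "package:com.android.chrome\npackage:com.remindme.alram\npackage:com.example.wallpapers\n"
SAMPLE_DUMPSYS = """    requested permissions:
      android.permission.INTERNET
      android.permission.SEND_SMS
      android.permission.READ_CONTACTS: restricted=true
    install permissions:
      android.permission.INTERNET: granted=true
"""
```

A "listed" result means only that the package name matches; as noted above, an app with one of these names is not necessarily still infected.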