Tenacious, the Joker malware has once again succeeded in thwarting the security of the Play Store. This time it hid in a fun and harmless SMS personalization application.
Impossible to get rid of it! The Joker virus, which has been inviting itself into Google's application store for nearly four years, was detected again last week. It is the cybersecurity specialist who identified it in an application named Color Message. This application, which was designed to make the exchanges of with its collection of emoticons, was deleted a few days ago from the Play Store. The problem is that it had had time to be downloaded over 500,000 times. Pradeo, who made it his ” », states that the came to connect to Russian servers.
With such an application, Joker had an ideal container. To use it, you had to give it permissions to access contacts and message content, as well as to manage. That makes it easier to collect data to feed campaigns of , for example. These are the same campaigns that make it possible to retrieve login credentials and, why not, get hold of the two-factor protection code received precisely by SMS.
Likewise, control over the messaging application makes it possible to subscribe the user to paid services via SMS without their knowledge. If Joker keeps coming back to the Google gallery, it is because it is very difficult to detect due to its small footprint. This summer, Joker had already been found in eight applications for Android. A lesser evil, since it was previously present in hundreds of applications. Again, despite Google’s progress in securing its Play Store, it is better to stay on the beaten path and opt for applications known to be reliable.
Android: the Joker virus is back and it affects 17 popular apps
For three years, this virus has regularly infected applications on the Play Store. The principle remains the same: spy on your personal data and then subscribe you to paid services. Here is the list of the 17 infected applications that must be urgently uninstalled.
Article by Fabrice Auclert, published on 01/06/2021
It was thought to be gone, but the Joker virus continues to haunt the Google app store. Malware active since 2017, it had been seen this summer, and here it is again, having just infected no fewer than 17 applications. Obviously, you have to uninstall them, while Google has already deleted them from its store.
It was researchers from the ThreatLabz team, from the cloud security company, who identified the 17 infected applications and, as is the case every time, the virus hides in a component of an application that seems perfectly ordinary and harmless. Joker then proceeds in several stages. First, as a , it is executed the first time the application is launched. It therefore loads in the background, and then takes the opportunity to start downloading a much more harmful component.
Do not give access to your SMS or your contacts
It is from there, always in the background and undetectably, that it begins its spying phase: , contact lists, username and seized … And the worst is yet to come, since the malware is then able to subscribe the user to paid services! It is therefore necessary to closely monitor applications that have access to SMS and contact lists, and above all not to give them access!
Often, the user answers “yes” to the different without realizing that this makes available private functions of the phone that hackers can exploit. Another tip: look at the reviews published on an application before downloading it, but also the number of . Infected applications are often unmasked by .
Android: watch out for this virus that subscribes to paid services
Since 2017, the Joker malware has infected Android apps, and eleven of them continue to trick users by forcing them to subscribe to paid services. This new variant manages to bypass Google’s validation and security steps.
Posted on 07/10/2020 by Fabrice Auclert
The game of cat and mouse continues between the hackers and Google, since new traces have been discovered of Joker, a malware identified in 2017 and thought to be eradicated. Its speciality? Hiding in classic and popular applications to activate payment for “in-app” services, such as paid options. All without the knowledge of the user.
This Thursday, the security experts of Check Point discovered its presence in eleven applications, which together total 500,000 downloads. The most worrying thing is obviously that these eleven applications are available from the Play Store. This variant of Joker has found a new way to play the Trojan horse, hiding in applications and then embedding itself in the smartphone. It is hidden in the manifest file that each developer must include in their application, placed at the root of the application folder. This file contains information about the author, logo, version, etc.
The malware hides during the validation phase
In this file, Joker places malicious code, but it is encoded in base 64 and therefore not identifiable. While Google examines the file for its validation, the code is inactive. As soon as the validation is complete and the security checks are passed, the hackers’ server launches the command hidden in this code and the malware can thus activate.
Alerted, Google immediately removed them, but it is obviously recommended to uninstall them. These are ImageCompress, WithMe Texts, FriendSMS, Relax Relaxation, Cherry Messages, LovingLove Message, RecoveFiles, RemindMe Alarm, and Training Memory Game. It is also advisable to look at your bank account and verify that there have not been any fraudulent withdrawals.
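As an added illustration (not code from the article or from the researchers it cites), the Python below audits a manifest that has already been decoded to text XML: it lists the SMS and contact permissions the article warns about and flags attribute values that decode cleanly from base 64. The sample manifest, its package name and the header-based classification are assumptions made for this example.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET  # use a hardened parser for untrusted input

NS = "{http://schemas.android.com/apk/res/android}"
SENSITIVE = {f"android.permission.{p}" for p in
             ("READ_SMS", "SEND_SMS", "RECEIVE_SMS", "READ_CONTACTS")}
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# Constructed sample: a harmless stand-in blob that only carries a DEX-style header.
_BLOB = base64.b64encode(b"dex\n035\x00" + bytes(16)).decode()
SAMPLE = f"""<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.colorsms">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Color SMS demo">
    <meta-data android:name="theme.pack" android:value="{_BLOB}"/>
  </application>
</manifest>"""

def decode_if_base64(value):
    """Return the decoded bytes when value is one long, valid base64 run, else None."""
    if len(value) % 4 or not B64_RUN.fullmatch(value):
        return None
    try:
        return base64.b64decode(value, validate=True)
    except binascii.Error:
        return None

def classify(blob):
    """Label decoded bytes by what they look like (heuristic assumed for this example)."""
    if blob.startswith(b"dex\n"):
        return "dex"
    if re.search(rb"https?://", blob):
        return "url"
    return "opaque"  # may be a benign key or token; needs manual review

def audit_manifest(xml_text):
    """Report SMS/contacts permissions and base64-encoded attribute values."""
    root = ET.fromstring(xml_text)
    perms = sorted(p.get(NS + "name") for p in root.iter("uses-permission")
                   if p.get(NS + "name") in SENSITIVE)
    encoded = []
    for elem in root.iter():
        for attr, value in elem.attrib.items():
            blob = decode_if_base64(value)
            if blob is not None:
                encoded.append((elem.tag, attr.replace(NS, "android:"), classify(blob)))
    return {"sensitive_permissions": perms, "encoded_values": encoded}
```

Calling `audit_manifest(SAMPLE)` returns the two flagged permissions and one encoded `meta-data` value; a hit is a reason to inspect the application, not proof that it is malicious.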