Google first detected apps with the Joker malware, a premium subscription bot in 2017. As of January 2020, Google has removed more than 1,700 apps from Play Store over the past three years that had been infected with the Trojan. Joker Malware tactically simulates interaction with ads, steals the victim’s SMS along with the OTP to authenticate payments, the contact list and device info. The majority of the discovered apps target the EU and Asian countries. Most of the discovered apps have an additional check, which makes sure that the payload doesn’t implement while running within the US or Canada. The UI of C&C panel and some of the bot’s code comments are written in Chinese, which could be a hint in terms of geographical origin.
Check Point researchers discovered the new variant that were found in seemingly legitimate apps. They released the list of apps infected by it on July 9, explaining the main components behind it. The new variant of the malware made its way to the Play Store and was detected in 11 apps. It can download additional malware to the device, which subscribes the victim to premium services without their consent. The list of apps detected are:
com.imagecompress.android, com.relax.relaxation.androidsms, com.cheery.message.sendsms (two different instances), com.peason.lovinglovemessage, com.contact.withme.texts, com.hmvoice.friendsms, com.file.recovefiles, com.LPlocker.lockapps, com.remindme.alram and com.training.memorygame.
Google has now removed the above mentioned infected apps from Play Store. However, it is advised to the users to check all their apps thoroughly and see if they are from a non-trusted developer. If you feel that you have downloaded an infected file, you should immediately uninstall it, especially apps with in-app purchases. Check your messages and credit card bills for any suspicion. If there are any irregularities found, talk to the bank and unsubscribe to those charges. Lastly, it is recommended that users should install an anti-virus program on their smartphones to prevent infections. Here are a few recommended anti-virus for your Android smartphone – Norton Mobile Security, Avast Mobile Security, Kaspersky Internet Security and McAfee Mobile Security.