Google has removed 11 apps from its Play Store that were infected with the infamous “Joker” malware. The applications include com.imagecompress.android, com.relax.relaxation.androidsms, com.cheery.message.sendsms, com.peason.lovinglovemessage, com.contact.withme.texts, com.hmvoice.friendsms, com.file.recovefiles, com.LPlocker.lockapps, com.remindme.alram and com.training.memorygame.
The Manager of Mobile Research at security firm Check Point, Mr. Aviran Hazum, said, “Joker adapted. We found it hiding in the ‘essential information’ file every Android application is required to have. Our latest findings indicate that Google Play Store protections are not enough. We were able to detect numerous cases of Joker uploads on a weekly basis to Google Play, all of which were downloaded by unsuspecting users. The Joker malware is tricky to detect, despite Google’s investment in adding Play Store protections. Although Google removed the malicious apps from the Play Store, we can fully expect Joker to adapt again. Everyone should take the time to understand what Joker is and how it hurts everyday people.”
About the new Joker malware:
The updated version of the Joker malware was able to download additional malware onto the device, which can subscribe the user to premium services without their knowledge or consent. The components the malware used to do this were the Notification Listener service and a dynamic dex file loaded from the C&C server.
Whereas the original Joker malware communicated with the server and then downloaded the dex file, the new modified version is embedded in a different area, with the dex file loading a new payload, and the malware is triggered by creating a new object that communicates with the server.
Lalit Wadhawa, an Android app developer at Jungle Works, stated, “The new method is much more complex compared to the process of the original Joker malware. It requires one .dex file to read a manifest file and then start decoding the payload. After the payload is decoded, it then loads a new .dex file and then infects the device.”
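For analysts triaging an app, the two traits described above (a Notification Listener service and an encoded payload carried in the manifest) can be checked statically. The following is an added example, not code from Check Point or Google; it assumes the manifest has already been decoded to text XML (for instance with apktool), that the payload sits in a `<meta-data>` value, and that it is Base64-encoded, none of which the article states. The sample manifest and the `triage_manifest` name are constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NLS_PERMISSION = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
B64_RUN = re.compile(r"^[A-Za-z0-9+/]{64,}={0,2}$")  # long, unbroken Base64-looking value
DEX_MAGIC = b"dex\n"  # first four bytes of every .dex file

# Constructed sample: a harmless fake dex header, Base64-encoded into a meta-data value.
SAMPLE_PAYLOAD = base64.b64encode(b"dex\n035\x00" + bytes(49)).decode()
SAMPLE_MANIFEST = f"""<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <application>
    <service android:name=".Listener" android:permission="{NLS_PERMISSION}"/>
    <meta-data android:name="app_config" android:value="{SAMPLE_PAYLOAD}"/>
    <meta-data android:name="com.google.android.gms.version" android:value="12451000"/>
  </application>
</manifest>"""


def triage_manifest(manifest_xml: str) -> list:
    """Return triage findings for a decoded (text) AndroidManifest.xml."""
    findings = []
    root = ET.fromstring(manifest_xml)
    # 1. A service guarded by this permission is a notification listener and
    #    can read the content of notifications posted on the device.
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == NLS_PERMISSION:
            findings.append(f"notification-listener:{svc.get(ANDROID_NS + 'name')}")
    # 2. Meta-data values that are long Base64 runs: decode them and check
    #    whether the result starts with the dex file magic.
    for meta in root.iter("meta-data"):
        value = meta.get(ANDROID_NS + "value") or ""
        if not B64_RUN.match(value):
            continue
        try:
            decoded = base64.b64decode(value, validate=True)
        except ValueError:  # not valid Base64 after all
            continue
        kind = "encoded-dex" if decoded.startswith(DEX_MAGIC) else "encoded-blob"
        findings.append(f"{kind}:{meta.get(ANDROID_NS + 'name')}")
    return findings


if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE_MANIFEST):
        print(finding)
```

A notification listener on its own is common in legitimate apps, so treat these findings as triage signals rather than verdicts. For manifests from untrusted APKs, parse with defusedxml instead of the standard-library parser.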
Therefore, we recommend that you check your mobile and credit/debit card bills for any irregular transactions and download apps only from trusted and known developers.