Thursday, March 28, 2024

New Variant of Infamous Android Joker Malware Bypasses Google Play Security to Attack Users

The Joker malware detected in early June 2019, it employs several tactics to bypass GooglePlay protection and to perform several malicious activities.

The malware used to hide inside different apps and once users downloaded to the phone they got infected with the Joker malware.

It aims to steal money from the user by signing for paid subscriptions, it interacts with the user’s SMS messages, contact lists, and other data from the device.

Earlier it was observed that Joker malware hidden with 24 apps different apps, all the apps have been reported to Google and removed from the store.

New Joker variant

Check Point researchers discovered a new variant of Joker Dropper and Premium Dialer spyware in Google Play hidden with 11 apps that removed from Google Play on April 30, 2020.

The updated version of Joker malware hides behind look like legitimate apps and downloads additional malware on the device.

“This time, however, the malicious actor behind Joker adopted an old technique from the conventional PC threat landscape and used it in the mobile app world to avoid detection by Google.”

The Joker malware utilizes Notification Listener service and a dynamic dex file loaded from the C&C server to subscribe to users for the premium services.

The new malware also checks the malicious flow every time by creating a new object that communicates with the C&C to check if the campaign was still active.

To minimize the Joker’s fingerprint, the malicious actors loaded the dynamic dex file “from sight while still ensuring it can load – a technique which is well-known to developers of malware for Windows PCs.”

The new variant of the malware hides it’s malicious dex file within the application as Base64 encoded strings, ready to be decoded and loaded.

The new variant also contains the code of the original Joker malware in its main dex file “the registration of the NotificationListener service, subscribing the user to premium services, and more.”

Here you can find the package names of 11 malicious applications that hide a new variant of Joker.

If you have installed any of the malicious apps, it is recommended to remove them immediately and to check your mobile and credit-card bills for unwanted charges.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Also Read

Cerberus Android Banking Malware Mimic as Currency Converter App Found on Google Play

Android Devices Infected with Undeletable Adware that Sits on System Partition

Website

Latest articles

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles