Google Play Store removes 11 apps on malware Joker’s threat

The Check Point report lists the package names of the 11 infected apps and advises users to uninstall those applications and then install a security solution.

July 13, 2020 04:14 pm | Updated 04:37 pm IST

A new variant of Joker malware on Google’s Play Store has infected 11 applications that have now been removed from the app store.

The new version of Joker malware made slight changes to its original code and managed to sneak into the now-removed apps, according to Check Point, the security solutions company whose researchers discovered the threat.

“Hiding in seemingly legitimate applications, we found that this updated version of Joker was able to download additional malware to the device, which subscribes the user to premium services without their knowledge or consent,” a Check Point research report titled “New Joker variant hits Google Play with an old trick” said.

Joker exploits the notification listener service built into the apps, together with a dynamic dex file loaded from a command-and-control (C&C) server, to carry out the user registration process.

Taking a leaf out of the Windows malware developer’s playbook, the new version of Joker manages to load the dynamic dex file even while it is masked, which reduces its digital fingerprint. The dex file stays concealed within the application in the form of Base64-encoded strings, which the malware then decodes and loads.

The original classes.dex file communicates with the C&C server to confirm that a campaign is active, and then loads the new payload. Joker’s new version succeeds in hiding the entire functionality by configuring the C&C server to return “false” on the status code, which prevents detection of the malicious activity, according to the report.
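For defenders triaging an app, the Base64 concealment described above can be checked for directly. The following is an added example, not code from the article or from Check Point: it scans text extracted from an app for Base64 runs that decode to a DEX header. The function names, the XML attribute used as the carrier and the header-only sample are assumptions constructed for illustration.

```python
import base64
import re
import struct
import zlib

B64_RUN = re.compile(r"[A-Za-z0-9+/]{150,}={0,2}")  # 150 chars = one 0x70-byte header
DEX_MAGIC = re.compile(rb"dex\n\d{3}\x00")          # "dex\n", version digits, NUL
HEADER_LEN = 0x70
ENDIAN_TAG = 0x12345678


def find_embedded_dex(text):
    """Return one dict per Base64 run in `text` that decodes to a DEX header."""
    hits = []
    for m in B64_RUN.finditer(text):
        body = m.group(0).rstrip("=")
        if len(body) % 4 == 1:  # impossible Base64 length: drop the stray char
            body = body[:-1]
        data = base64.b64decode(body + "=" * (-len(body) % 4))
        if len(data) < HEADER_LEN or not DEX_MAGIC.match(data):
            continue
        (checksum,) = struct.unpack_from("<I", data, 8)
        file_size, header_size, endian = struct.unpack_from("<III", data, 0x20)
        if header_size != HEADER_LEN or endian != ENDIAN_TAG:
            continue  # magic matched by chance; the header fields do not
        hits.append({
            "offset": m.start(),
            "declared_size": file_size,
            # Whole file present and its Adler-32 matches the header field.
            "complete": len(data) >= file_size
            and zlib.adler32(data[12:file_size]) == checksum,
        })
    return hits


def constructed_sample():
    """Header-only DEX stub (constructed, not from a real app) inside XML."""
    tail = bytes(20) + struct.pack("<III", HEADER_LEN, HEADER_LEN, ENDIAN_TAG)
    tail += bytes(HEADER_LEN - 12 - len(tail))
    stub = b"dex\n035\x00" + struct.pack("<I", zlib.adler32(tail)) + tail
    blob = base64.b64encode(stub).decode()
    return '<meta-data android:name="cfg" android:value="%s"/>' % blob


if __name__ == "__main__":
    for hit in find_embedded_dex(constructed_sample()):
        print(hit)
```

A payload split across several strings will not appear as one run, so concatenate string resources in declaration order before scanning.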

Malware like this could put a user and their data at risk. It compromises the integrity of a device, and could allow an attacker to remotely access and exploit an infected device. In the process, it may be used to transmit a user’s personal data or credentials without proper disclosure and permission.

The Check Point report lists the package names of the 11 infected apps and advises users to uninstall those applications and then install a security solution. It also advises users to check their credit card and mobile bills for any subscriptions.
