The Joker malware has once again slipped past the security of the Play Store. This time it hid in a fun, harmless-looking SMS customization app.
It is impossible to get rid of it! The Joker virus, which has been turning up in Google's app store for almost four years, was rediscovered last week. The person who identified it, a cyber security expert, was A.J. The app is named Color message. This application, designed to generate transactions along with a collection of emoticons, was removed from Play a few days ago. The problem is that it had time to be downloaded 500,000 times. Brady, it’s his », Says Came to connect with Russian servers.
With an app like this, the Joker had an excellent container. To use it, you must grant permission to access and manage contacts and message content, which helps in collecting data to trigger campaigns, for example. Such campaigns make it possible to retrieve identities and, why not, obtain the two-factor security codes the victims received.
Similarly, control over messaging allows the malware to subscribe users to paid services via SMS without their knowledge. If the Joker keeps coming back to Google's store, it is because it is very difficult to detect, owing to its small footprint. This summer, the Joker had already been detected in eight apps for Android. That is less damage than before, when it was found in hundreds of applications. Once again, despite Google’s progress on the security of its Play Store, it is better not to stray off the beaten track and to choose the most reliable apps.
Android: The Joker virus is back, affecting 17 popular apps
For three years now, the virus has been infecting applications in the Play Store. The approach remains the same: spy on your personal data and then subscribe you to paid services. Here is a list of 17 infected applications that need to be uninstalled urgently.
Article by Fabrice Auclert published on 01/06/2021
Researchers on the ThreatLabz team of a cloud security company identified 17 infected applications. As happens every time, the virus is hidden in the components of an application that seems very ordinary and harmless. The Joker goes through several stages. First, a , which is activated the first time the application is launched. It then loads in the background and takes the opportunity to start downloading the more harmful components.
Do not grant access to your SMS or your contacts
From there, still in the background and undetected, it begins its espionage phase: , contact lists, username and Captured … And it gets worse, because the malware can then subscribe the user to paid services! It is therefore necessary to monitor carefully which apps have access to SMS and contact lists, and above all not to grant them that access!
Android: Watch out for this virus subscribing to paid services
Since 2017, the Joker malware has been infecting Android apps, forcing eleven users to subscribe to paid services. This new variant gets past Google’s verification and security steps.
Posted by Fabrice Auclert on 07/10/2020
The cat-and-mouse game continues between hackers and rats From the company It was assumed in 2017 that new traces of the Joker, a malware identified, would be discovered and destroyed. Its specialty? Hiding in classic, popular apps to activate paid “off-in-app” services such as payment options, all without the user knowing.
This Thursday, security experts at Check Point discovered its presence in eleven applications, which together amassed over 500,000 downloads. The most worrying thing is that these eleven applications are available from this . This variant of the Joker has found a new way to hide a Trojan in applications and thereby embed itself. It is hidden in the manifest file that every developer must include in their application, placed at the root of the application folder. This file contains information about the author, logo, version, etc.
The malware disappears during the verification phase
The Joker places its malicious code in this file, but encoded in Base64, so it is not identified. When Google reviews the file for verification, the code is inactive. Once verification is done and the security checks are completed, the hacker’s server sends a hidden command to this code, which can then be executed.
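A defender-side check for the hiding technique described above, as an added example that is not from the original article or from the researchers it cites: it scans a manifest already decoded to text XML for attribute values that are Base64 and decode to a DEX or ZIP container. The sample manifest, the package and meta-data names, and the 40-character threshold are constructed assumptions.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

# Long runs of the Base64 alphabet; short values (versions, flags) are ignored.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")
# File signatures of loadable Android code containers.
MAGICS = {b"dex\n": "dex", b"PK\x03\x04": "zip/apk/jar"}

def classify(value):
    """Return 'dex', 'zip/apk/jar', 'opaque' or None for one manifest value."""
    value = value.strip()
    if not B64_RE.match(value):
        return None
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    for magic, kind in MAGICS.items():
        if raw.startswith(magic):
            return kind
    return "opaque"  # decodes cleanly but is no known container: review by hand

def scan_manifest(xml_text):
    """List (tag, attribute, kind) for every Base64-looking attribute value."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        for attr, value in elem.attrib.items():
            kind = classify(value)
            if kind:
                # Drop the '{namespace}' prefix ElementTree adds to android: attributes.
                findings.append((elem.tag, attr.split("}")[-1], kind))
    return findings

# Constructed sample: a fake DEX header followed by filler bytes, not real malware.
FAKE_DEX = base64.b64encode(b"dex\n035\x00" + bytes(range(64))).decode()
SAMPLE_MANIFEST = f"""<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.smsdemo">
  <application android:label="Demo">
    <activity android:name="com.example.smsdemo.MainActivity"/>
    <meta-data android:name="build_token" android:value="{'0123456789abcdef' * 3}"/>
    <meta-data android:name="theme_data" android:value="{FAKE_DEX}"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for tag, attr, kind in scan_manifest(SAMPLE_MANIFEST):
        print(f"<{tag}> {attr}: Base64 value decodes to {kind}")
```

A "dex" or "zip/apk/jar" finding means the manifest carries embedded code; an "opaque" finding is only a prompt for manual review, since tokens and keys can also be valid Base64.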
Warning: Google immediately , but uninstalling them is explicitly recommended. These are ImageCompress, WithMe Texts, FriendSMS, Relax Relaxation, Cherry Messages, LovingLove Message, RecoveFiles, RemindMe Alarm and Training Memory Game. It is also advisable to look at your bank account and check that no fraudulent charges have been made.