Check Point’s digital security researchers on Thursday announced the discovery of a new variant of the Joker malware for Android. Experts estimate that the 11 apps with the malicious code totaled more than 500,000 downloads on the Google Play Store. Infected apps have already been removed by Google. Joker malware is often used to conduct large-scale billing fraud.
The threat is a spyware and premium dialer; that is, it subscribes the victim to paid services without their knowledge. Google has already banned more than 1,700 apps carrying the code from the Play Store, identified by security experts in other operations. The company said at the time that the threat was one of the most persistent it has dealt with in recent years.
The spyware can bypass Google Play Store protections by posing as legitimate-looking apps. Its activity may go unnoticed on the user's smartphone for a long time. Check Point researchers observed in their evaluation that Joker does not try to load the malicious payload (the data load being transmitted), which makes it easier for the malware to pass through Google Play Protect protections.
According to Aviran Hazum, the Check Point mobile application and device researcher who identified the new malware variant, the discovered method hides the malicious code inside a file called "Android Manifest" from a legitimate app. "The manifest file provides essential information about an application – such as name, icon and permissions for the Android system – that the system must have to be able to execute any application code," says the expert.
Therefore, Hazum explains: "the malware does not need to access a C&C server (Command & Control), which is a computer controlled by a cybercriminal used to send commands to systems compromised by malware, to download the payload, which is the piece of malware that performs the malicious action."
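As an added illustration (not code from Check Point or from the original article), the Python check below shows how a defender could scan a decoded AndroidManifest.xml for code hidden in its strings. It assumes the payload is stored as a Base64 string that decodes to a DEX file, an encoding detail this article does not state; the function name and the sample manifest are constructed.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

DEX_MAGIC = re.compile(rb"^dex\n\d{3}\x00")         # header of an Android DEX file
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")   # long Base64-looking runs


def find_embedded_dex(manifest_xml: str):
    """Return (tag, attribute, decoded_size) for every manifest string
    that Base64-decodes to data starting with a DEX header."""
    findings = []
    root = ET.fromstring(manifest_xml)
    for elem in root.iter():
        fields = list(elem.attrib.items())
        if elem.text and elem.text.strip():
            fields.append(("#text", elem.text))
        for name, value in fields:
            for run in B64_RUN.findall(value):
                try:
                    blob = base64.b64decode(run, validate=True)
                except (binascii.Error, ValueError):
                    continue  # looked like Base64 but is not
                if DEX_MAGIC.match(blob):
                    short = name.split("}")[-1]  # drop the XML namespace
                    findings.append((elem.tag, short, len(blob)))
    return findings


# Constructed sample: a DEX header followed by zero bytes, not real malware.
FAKE_DEX = base64.b64encode(b"dex\n035\x00" + bytes(32)).decode()
SAMPLE = f"""<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <application android:label="Demo">
    <meta-data android:name="build_id" android:value="3f9a1c"/>
    <meta-data android:name="cfg" android:value="{FAKE_DEX}"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for tag, attr, size in find_embedded_dex(SAMPLE):
        print(f"<{tag}> {attr}: Base64 string decodes to {size}-byte DEX data")
```

The check expects the manifest as text XML, as produced by an APK decoding tool, and it will not catch a payload split across several strings.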
Joker is silent malware and can be difficult to identify, so it is important to keep an antivirus installed on the phone. Infected apps have already been removed from the Play Store, but experts warn of the possibility that the malware will adapt and emerge again.
It is important to avoid installing applications of dubious origin on your cell phone, and to check your cell phone and credit card bills for any improper enrollment or subscription in your name.