Joker Malware in Android: 11 Apps to Avoid in Google Play Store to Prevent Infection

Joker Malware in Android: 11 Apps to Avoid in Google PlayStore to Prevent Infection
Be mindful of the apps you are downloading and the access you are permitting to these apps. The Joker malware has successfully bypassed Google Play Store's vetting process and is wreaking havoc on the devices it infects. Avoid downloading these infected apps. Max Bender/Unsplash

The Joker malware is persistent. Despite public awareness of this malicious code, it has made its way into Google's Play Store yet again. Find out the 11 apps to avoid downloading from the Google Play Store to avoid being a victim of the fraud malware.

What Is the Joker Malware?

The Joker malware family is a well-known variant of malicious software that focuses on compromising Android devices, Zdnet explained. The nature of Joker is to spy on its victims, steal information, harvest contact lists, and monitor SMS messaging.

When devices are installed with apps that contain Joker, they can be used to conduct financial fraud. This could be anything from sending text messages to premium members or signing up victims to wireless application protocol (WAP) services that give operators a cut of the profit.

Joker also abuses Android alert systems. If the user grants Joker permission to read all notifications, the malware can hide notifications relating to fraudulent service sign-ups, leaving the victim clueless to all the harmful actions being done right under their noses.

The Joker operators constantly switch up their methods to bypass security mechanisms and Google Play vetting processes, researches said.

Apps Infected with Joker Malware to Avoid Downloading in Google Play Store

Zscaler's ThreatLabz research team has been closely monitoring the Joker malware and noticed regular uploads of it onto the Google Play Store. Google takes malware reports seriously and removes suspicious apps from their store. The infected apps include:

  1. Free Affluent Message

  2. PDF Photo Scanner

  3. delux Keyboard

  4. Comply QR Scanner

  5. PDF Converter Scanner

  6. Font Style Keyboard

  7. Translate Free

  8. Saying Message

  9. Private Message

  10. Read Scanner

  11. Print Scanner

These 11 different apps were regularly uploaded to Google Play and recently amassed over 30,000 installs.

The malware authors targeted some app categories more than others, Zscaler noted. The most heavily targeted categories include health and fitness, photography, tools, personalization, and communication.

Joker authors also use full names for developers for their malicious apps. Names such as Tony Normal, Roela Vautrin, Pamela Thomason, and Wiliam M Miller each have one app registered to the name. Checking the app developer's name and crossreferencing it to the list of Joker publisher names can help identify potential Joker malware.

To bypass the vetting process, the Joker used URL shortener services to retrieve the first level of payload. Two succeeding payload stages follow to complete gaining total control of the infected Android device.

Be on the lookout for the Large EMoji Sender, My City Wallpapers, Love Nature Wallpapers, and Open World Wallpapers apps as well, as these could be Joker-related apps used to assess the infected devices.

The Joker malware authors are very active, Zscaler warned. They innovate their tactics to constantly bypass Google's vetting process for its Play Store. Given the number of payloads uploaded to Google Play, the malicious actors are succeeding in their efforts.

This does not mean Android users should turn to third-party app stores to download applications. Zscalers still recommends using Google Play Store for downloading any mobile apps as it is still relatively safer compared to third-party stores with little to no vetting processes at all.

Be mindful of the apps you are downloading and the access you are permitting to these apps.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost

Real Time Analytics