Posted on February 15, 2022 at 12:52 PM
The Joker malware is now active again, posing a major threat to Android mobile devices. The malware was active last year, and it caused a major cybersecurity crisis before Google took it down.
The threat actors behind this malware have been developing it, and they have now launched a new strain of the virus. Nevertheless, reports show that the malware is still working with the same intention of stealing user information.
Joker malware detected on seven Android apps
A report from Pradeo, a mobile cybersecurity firm, confirmed that this malware had indeed been detected. According to the report, the malware was prevalent on seven apps from the Google Play Store.
After the malware was detected last year, Google took action against it, but its reemergence shows it has evolved. The malware can bypass the security measures set by Google to deter malicious apps from being listed on its Play Store.
The extent of the breach caused by this malware could be higher than estimated. According to Tatyana Shishkova, a cybersecurity researcher with the Kaspersky cybersecurity firm, the Joker malware has been detected in at least 14 Android apps.
Google first detected the Joker malware in 2017. It took a series of actions to successfully tackle it, but the malware has constantly been evolving and stealthily finding its way into the Play Store. It attacks a wide range of applications, and victims can unknowingly install it on their devices.
During the latest discovery, Pradeo research noted that one of the apps used to execute this malware is Color Message. However, at least six more apps have also been found to carry the malware. Pradeo research further stated that the malware seems to originate from Russia, as it communicated with Russian servers.
The Joker malware is a form of “Fleeceware.” The malware is usually executed to steal money from an Android user without the user detecting it. The malware simulates clicks, and it also intercepts text messages or SMS. The malware also gains access to the phone’s permissions, where it can subscribe a user to unwanted paid premium services without the user’s permission.
The malware is also secretive in its functionality. It can click on ads automatically on the user’s devices. It also gains access to the payment systems enabled on a device, and it can approve online payments without the user detecting this. In most cases, users will not detect that money has been deducted from their bank accounts until they go through their bank statements and detect unauthorized payments.
As mentioned above, the Pradeo research pinpointed seven apps that have been infected with the Joker malware. These apps include Color Message, Safety AppLock, Convenient Scanner 2, Push Message-Texting & SMS, Emoji Wallpaper, Separate Doc Scanner and Fingertip GameBox.
The seven apps are just the tip of the iceberg, going by the history of this malware. According to Pradeo, the malware has been detected in hundreds of applications over the past two years. The malware is also persistent as every time it has been brought down, a new strain is introduced to the market that affects unsuspecting users.
Protecting oneself against this malware
The only way users can protect themselves from this malware is by uninstalling these apps from their devices. Running an antivirus scan will also ensure that users detect any malicious activity on their mobile device and protect themselves accordingly.
A user should also monitor the performance of their phone and applications, which could show symptoms of malware. One of these symptoms is an application crashing for no apparent reason. This could be a sign that the phone is affected. The other symptom is increased usage of the phone’s data and battery, which could show that malware is running tasks in the background even while the phone is idle or doing other things.
As mentioned earlier, the malware can gain access to text or SMS. Hence, if you suspect that your phone has been infected, you need to ensure that people on your contacts list have not received any strange SMS message from you asking them to click on a strange link. The malware can use the phone to send messages to people on your contacts list, increasing the risk of your network being infected.
The best way for users to protect themselves against this malware is to install strong antivirus software and conduct regular security checks. Ensuring that you are using an updated operating system is also recommended. Using a browser focused on privacy will also keep this malware at bay.