JOKER: This Android Trojan spy will secretly sign you up for premium subscriptions
'Joker' is here to turn your mobile phones into his Gotham. A new Android Trojan with malware dropper and spyware capabilities named 'Joker', was found in 24 Google play store applications. These apps had a total of 472,000 downloads.
Joker is hidden within advertisement frameworks used by the apps and is designed to download a second-stage module as a DEX file that adds more capabilities. Joker has an SMS collection module using which it signs the user for premium subscriptions using the authorization codes automatically extracted from the authorization text messages.
Joker has targeted countries like Australia, France, India, Germany, the UK, and the USA. The malware compares the SIM card's country code with the predefined list of codes in order to check whether the user is from one of the target countries. If the result comes out to be positive the malware further drops the second component of its module.
The second-stage module of Joker periodically checks the command and control (C2) server for new commands to execute. The command and control server will proceed to open the domains with premium offers sent by the campaign's operators.
All the applications which were infected by Joker are already removed from the Play store.
NPAV recommends you to use the apps which are trusted and download it from recognized app stores such as Google's Play store.
Check out the complete list of infected apps below:
-
- Advocate Wallpaper
- Age Face
- Altar Message
- Antivirus Security – Security Scan
- Beach Camera
- Board picture editing
- Certain Wallpaper
- Climate SMS
- Collate Face Scanner
- Cute Camera
- Dazzle Wallpaper
- Declare Message
- Display Camera
- Great VPN
- Humour Camera
- Ignite Clean
- Leaf Face Scanner
- Mini Camera
- Print Plant scan
- Rapid Face Scanner
- Reward Clean
- Ruddy SMS
- Soby Camera
- Spark Wallpaper
Download NPAV mobile security and stay protected.
- Other (42)
- Ransomware (128)
- Events and News (26)
- Features (45)
- Security (433)
- Tips (79)
- Google (22)
- Achievements (9)
- Products (33)
- Activation (7)
- Dealers (1)
- Bank Phishing (42)
- Malware Alerts (195)
- Cyber Attack (221)
- Data Backup (11)
- Data Breach (80)
- Phishing (139)
- Securty Tips (1)
- Browser Hijack (16)
- Adware (15)
- Email And Password (67)
- Android Security (56)
- Knoweldgebase (38)
- Botnet (15)
- Updates (3)
- Alert (71)
- Hacking (57)
- Social Media (7)
- vulnerability (54)
- Hacker (31)
- Spyware (8)
- Windows (6)
- Microsoft (21)
- Uber (1)
- YouTube (1)
- Trojan (2)
- Website hacks (3)
- Paytm (1)
- Credit card scam (1)
- Telegram (3)
- RAT (5)
- Bug (3)
- Twitter (2)
- Facebook (7)
- Banking Trojan (5)
- Mozilla (2)
- COVID-19 (5)
- Instagram (2)
- NPAV Announcement (5)
- IoT Security (1)
- Deals and Offers (1)
- Cloud Security (8)
- Offers (5)
- Gaming (1)
- FireFox (2)
- LinkedIn (2)
- WhatsApp (4)
- Amazon (1)
- DMart (1)
- Payment Risk (4)
- Occasion (2)
- firewall (1)
- Cloud malware (2)
- Cloud storage (2)
- Financial fraud (7)
- Impersonation phishing (1)
- DDoS (4)
- Smishing (2)
- Whale (0)
- Whale phishing (3)
- WINRAR (2)
- ZIP (2)