Recently we have heard of many cases of newly discovered security holes involving shady Android applications, and of Android phones hiding malicious applications and files that could not be deleted …
And this time, a new piece of information will probably startle you: a once-familiar piece of Android malware, called “Joker”, is back. This malware was first discovered about 3 years ago and is the culprit behind the theft of SMS messages, invoice scams, the installation of spyware that tracks users, and many other things. Analysts from Check Point Research have uncovered a range of applications that carry a variation of the Joker malware and hide among “legitimate applications” on the Google Play Store.
“We discovered that the updated version of Joker was able to download malware to the device, thereby registering users in premium services without them knowing it,” the Check Point team said. Their report provides the package names of 11 malicious applications (one appears twice), so you can check whether any of them is already present on your device, perhaps hidden under another name.
These include a file recovery service, an image compressor, and a wallpaper collection application that specializes in flowers.
“Joker, one of the most prominent malware on Android, has always found its way into the official Google app market thanks to small changes in the source code, allowing it to bypass the censorship and security barriers of Play Store,” Check Point continued. “However, this time, the person behind the Joker has applied an old technique that originated from the PC and introduced it to the world of mobile applications to avoid being detected by Google.”
To subscribe people to premium services without being detected, the Joker malware used the Notification Listener service of the original application, along with a dynamic dex file, loaded under the control of the server, that performs the registration of the user.
Check Point says this is a common technique among malware developers for Windows PCs, used to hide traces of their code: the dex file is hidden while still ensuring that it can be loaded.
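For defenders triaging an app, the Notification Listener component described above is visible in the app's manifest. The following is an added example, not code from Check Point or from the original article: it audits a decoded `AndroidManifest.xml` (the sample manifest and the package name `com.example.sampleapp` are constructed) and flags apps that declare a notification listener together with network access. Many legitimate apps also use notification access, so a flag means "review manually", not "malicious".

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
BIND_PERM = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
LISTENER_ACTION = "android.service.notification.NotificationListenerService"
INTERNET = "android.permission.INTERNET"

# Constructed sample: a decoded (text) manifest for a hypothetical app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sampleapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Sample App">
    <service android:name=".sync.NotifyService"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
    <service android:name=".WallpaperService"/>
  </application>
</manifest>
"""

def audit_manifest(xml_text):
    """Return the notification-listener services declared in a manifest."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    listeners = []
    for svc in root.iter("service"):
        actions = {a.get(A + "name") for a in svc.iter("action")}
        # A listener is bound with BIND_PERM and/or answers LISTENER_ACTION.
        if svc.get(A + "permission") == BIND_PERM or LISTENER_ACTION in actions:
            name = svc.get(A + "name", "")
            if name.startswith("."):  # expand relative class names
                name = package + name
            listeners.append(name)
    has_net = INTERNET in perms
    return {
        "package": package,
        "notification_listeners": listeners,
        "has_internet": has_net,
        # Can read notifications AND reach a server: worth a manual review.
        "review": bool(listeners) and has_net,
    }

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```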
Google has removed the aforementioned apps from the Play Store, but Check Point’s Aviran Hazum points out that the Joker malware will come back again in some other form. “Malware Joker is difficult to detect, despite the efforts Google has made to increase protection for the Play Store. While Google has removed malicious apps from the Play Store, we can be confident that Joker will adapt to the situation once again.”
Clearly, this is a good time to remind ourselves to always take the best precautions when using mobile devices, for example by only downloading applications from trusted sites. And if you want to be truly secure, stay away from developers that no one has heard of before, as well as from apps with lots of negative reviews.