News

The malware that signs you up for pricey services – Joker


Dozens of malicious apps, some of them available in Google Play, have been found in the past couple of months.

September has been a busy month for malicious Android apps, with hundreds of them from a single malware family alone flooding either Google Play or third-party markets, researchers from several security companies said.

Known as Joker, the family has targeted Android users since late 2016 and has recently been one of the most common threats to the platform. Once activated, Joker apps secretly subscribe the victim to costly premium services and can also steal SMS messages, contact lists, and device information. Last July, researchers reported finding Joker in 11 apparently legitimate Play apps that had been downloaded about 500,000 times combined.

Late last week, researchers from security firm Zscaler said they had found 17 Joker-tainted apps with a combined 120,000 downloads. The apps had been uploaded to Play gradually over the course of September. Separately, security firm Zimperium said on Monday that its researchers discovered 64 new Joker variants in September, most or all of them seeded in third-party app stores.

And, as ZDNet noted, researchers from security firms Pradeo and Anquanke found further Joker outbreaks this month and in July. Anquanke said it had identified more than 13,000 samples since the family first came to light in December 2016.


“Joker is one of the most prominent malware families that continually targets Android devices,” Zscaler researcher Viral Gandhi wrote in last week’s post. “Despite awareness of this particular malware, it keeps finding its way into Google’s official application market by employing changes in its code, execution methods, or payload-retrieving techniques.”

A roundabout attack path is one of the keys to Joker's success. The apps are knockoffs of legitimate apps, and when downloaded from Play or another market they contain no malicious code beyond a “dropper”. The dropper, which is heavily obfuscated and consists of only a few lines of code, waits hours or even days before fetching the malicious component and loading it into the app.


Zimperium published a flow chart of the four pivot points each Joker sample uses. The malware often relies on evasion techniques to disguise its update components as innocuous apps such as games, wallpapers, messengers, translators, and photo editors.

Those techniques include encoded strings inside the samples that tell the app where to download a dex file, the compiled Dalvik bytecode format that makes up an APK package, often alongside other dex files. The downloaded dexes are disguised as .mp3, .css, or .json files. To hide further, Joker uses code injection to place its classes among legitimate third-party library packages the app already bundles, such as org.junit.internal, com.google.android.gms.dynamite, or com.unity3d.player.UnityProvider.

“The purpose of this is to make it more difficult for the malware analyst to spot the malicious code, as third-party libraries generally contain a lot of code and the existence of additional obfuscation will make it much more difficult to spot the injected classes,” wrote Zimperium researcher Aazim Yaswant. “In addition, the use of valid package names defeats naïve [blocklisting] attempts, but our z9 machine-learning engine allowed the researchers to detect the above-mentioned injection tricks safely.”
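The two evasion details above, dex payloads disguised as .mp3/.css/.json files and injected classes hiding behind legitimate package names, both defeat checks that trust names. A check that trusts content instead does not care what a file is called. The script below is an added example written for this article, not code from Zscaler, Zimperium, or the Joker samples; it scans a zip-based APK (or a directory of files an app dropped at runtime) for entries whose extension claims audio, stylesheet, or JSON but whose bytes start with the dex header magic (`dex\n` followed by a three-digit version and a NUL). The sample APK it builds in memory is constructed for the demo; the entry names in it are invented.

```python
import io
import zipfile

# Every dex file begins with the 8-byte magic "dex\n" + 3-digit version + NUL,
# e.g. b"dex\n035\x00". Renaming the file does not change these bytes.
DEX_MAGIC = b"dex\n"

# Extensions the article says Joker used to disguise downloaded dex payloads.
SUSPECT_EXTENSIONS = (".mp3", ".css", ".json")


def is_dex(data: bytes) -> bool:
    """True if the bytes start with a well-formed dex header magic."""
    return (
        len(data) >= 8
        and data.startswith(DEX_MAGIC)
        and data[4:7].isdigit()
        and data[7:8] == b"\x00"
    )


def find_disguised_dex(apk_bytes: bytes) -> list:
    """Return entry names whose extension says mp3/css/json but whose content is dex.

    Only the first 8 bytes of each candidate are read, so the check is cheap even
    on large assets.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if not info.filename.lower().endswith(SUSPECT_EXTENSIONS):
                continue
            with zf.open(info) as fh:
                head = fh.read(8)
            if is_dex(head):
                hits.append(info.filename)
    return hits


def build_sample_apk() -> bytes:
    """Constructed sample 'APK' (a plain zip) with benign assets and two disguised dex files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        # The app's legitimate dex lives where Android expects it; not a hit.
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
        # Genuine assets with the suspect extensions; not hits.
        zf.writestr("assets/theme.css", b"body { color: #000; }")
        zf.writestr("assets/config.json", b'{"ok": true}')
        # Constructed examples of what the article describes: dex bytes under a
        # misleading extension (a real MP3 would start with "ID3" or a frame sync).
        zf.writestr("assets/sound.mp3", b"dex\n035\x00" + b"\x00" * 64)
        zf.writestr("assets/strings.json", b"dex\n038\x00" + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    for name in find_disguised_dex(build_sample_apk()):
        print("disguised dex:", name)
```

Two caveats a practitioner would want. First, Joker's droppers fetch the dex at runtime rather than shipping it in the store APK, so the same check is most useful over an app's private storage (or a device image) after the delay the article describes has elapsed. Second, a payload that is encrypted on disk and only decrypted in memory will not carry the magic; that case needs dynamic analysis or hooking of the class loader, not a static byte check.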

The Zscaler write-up details three post-download strategies for getting past Google's app-vetting process: direct downloads, one-stage downloads, and two-stage downloads. Whatever the delivery variation, the final payload was the same. Once an app has downloaded and activated that payload, the knockoff can sign the user up for premium subscriptions, using its access to the user's SMS app.

A Google spokesman declined to comment beyond noting that, as Zscaler reported, the company removed the apps once they were privately reported.

Running an antivirus app from Malwarebytes, Eset, F-Secure, or another reputable maker is one line of defense, although such apps, too, can struggle to detect Joker or other malware.

TAGGED: antivirus, joker, malware, virus
rob September 30, 2020