The Joker malware steals the money of the users by subscribing them into paid subscriptions without their consent. It first simulates interaction with ads without the knowledge of the user and then steals the victims SMS messages including their OTP numbers to authenticate the transaction.
So basically, a user probably won’t realize that they have been pursued a membership and the money is being deducted from their account unless they check their credit cards statements routinely.
Last year, the Joker malware infected the several apps on google play store and once again it made its way into the play store and infected some apps, due to this reason the google has removed 11 apps from the play store which includes:-
According to Check Point, “Joker keeps finding its way into Google’s official application market as a result of small changes to its code, which enables it to urge past the Playstore’s security and vetting barriers”.
At this time, the two new variants of Joker malware namely ‘Joker Dropper and Premium Dialer Spyware’ are discovered within the Google Playstore. These were found hiding in some “seemingly legitimate apps”.
Besides this the malware uses the two components, the first one is the ‘Notification Listener Service’ which is the part of the original application and the second one is a ‘Dynamic Dex File’ loaded from the C&C server to perform the registration of the user to the services.
The report further added that In an attempt to minimise Joker’s fingerprint, the character behind it hides the ‘Dynamic Dex File’ from sight while still ensuring that it is able to load. It is a well-known technique generally used by the developers of malware for Windows PCs.
Check Point also suggests that if you have any of these infected apps in your smartphones then delete them immediately and check your mobile and credit card bill to check if you have been subscribed to any subscription without your consent.
To prevent from ‘Joker malware’ you must install a security solution in your smartphone.