Four different apps on Google Play were found to carry the joker malware and could infect user devices once downloaded. The four apps were free and have been downloaded by over 100,000 people, as researched by online pokies for real money Australia.
Three of the apps were published within the last month, while one was first published in November 2020 – although the researchers were unable to identify when it had been modified to deliver malware.
Pradeo, in a blog post-Tuesday, warned users to immediately delete “Smart SMS Messages,” “Blood Pressure Monitor,” “Voice Languages Translator,” and “Quick Text SMS” from their devices. (Google has already removed all four of the apps from the Google Play store.)
Joker is a type of “fleeceware,” which subscribes infected devices to unwanted paid services. It also sends SMS messages and makes calls to premium numbers without the phone owner’s knowledge, running up a big phone bill, of which the hackers take a cut. The practice is also referred to as “toll fraud.”
“By using as little code as possible and thoroughly hiding it, Joker generates a very discreet footprint that can be tricky to detect. In the last three years, the malware was found hiding in thousands of apps,” Pradeo wrote. “Victims only notice the fraud when receiving their mobile phone invoice, potentially weeks after it started.”
The company says it has found Joker in at least 11 other Android apps recently—even as Congress considers a bill that would force Apple and Google to let apps circumvent their marketplaces in a practice called “sideloading.” In every case, the apps are programmed to install other applications on infected phones, which could add even more dangerous malware.
Joker, sometimes called Jocker, has been around for a while, but its footprint has been growing lately. Researchers from security firm Kaspersky say the malware has become advanced enough that it can bypass bot-detection mechanisms on paid service sites.
Once you’ve installed an app infected with the malware, it will request access to text messages and/or notifications, whichever makes sense depending on the type of app it’s hiding within. Kaspersky notes that by gaining access to notifications, it can intercept confirmation codes received in the text of messages, letting it subscribe to a paid service without the user being aware.
Microsoft, last week, published an extensive warning about Joker and other sorts of malware that contribute to toll fraud: “Toll fraud has been one of the most prevalent types of Android malware in Google Play Store since 2017, when families like Joker and their variants made their first appearance. It accounted for 34.8% of installed Potentially Harmful Application (PHA) from the Google Play Store in the first quarter of 2022, ranking second only to spyware.”
In their Google Play listings, the weaponized apps Pradeo discovered looked legitimate enough. The company, though, says there are a few steps users (generally and also from www.bestunitedstatescasinos.com) can take to protect themselves against future downloads with Joker hidden in the code.
First, take a look at the developer’s account. If they have only one app, tread with extreme caution. (Once an app is banned, the hacker will simply open a new developer account.)
Also, look for red flags with the privacy policy. If it’s hosted on a Google Doc or Google Site page, that’s a warning sign. If it uses a template or is especially short, steer clear. And if it doesn’t disclose the full extent of the activities the app can perform, walk away.