A new set of trojanized apps spread through the Google Play Store has been observed distributing the notorious Joker malware on compromised Android devices.
Joker, a repeat offender, refers to a class of harmful apps that are used for billing and SMS fraud, while also performing a number of actions of a malicious hacker’s choice, such as stealing text messages, contact lists, and device information.
Despite continued attempts on the part of Google to scale up its defenses, the apps have been continually iterated to search for gaps and slip into the app store undetected.
“They’re usually spread on Google Play, where scammers download legitimate apps from the store, add malicious code to them and re-upload them to the store under a different name,” Kaspersky researcher Igor Golovin said in a report published last week.
The trojanized apps, taking the place of their removed counterparts, often appear as messaging, health monitoring, and PDF scanner apps that, once installed, request permissions to access text messages and notifications, abusing them to subscribe users to premium services.
A sneaky trick used by Joker to bypass the Google Play vetting process is to render its malicious payload “dormant” and only activate its functions after the apps have gone live on the Play Store.
Three of the Joker-infected apps detected by Kaspersky through the end of February 2022 are listed below. Although they have been purged from Google Play, they continue to be available from third-party app providers.
- Style Message (com.stylelacat.messagearound),
- Blood Pressure App (blood.maodig.elevate.bloodrate.monitorapp.plus.tracker.device.well being), and
- Camera PDF Scanner (com.jiao.hdcam.docscanner)
This is not the first time subscription trojans have been uncovered on app marketplaces. Last year, apps for the APKPure app store and a widely used WhatsApp mod were found compromised with malware called Triada.
Then in September 2021, Zimperium took the wraps off an aggressive money-making scheme called GriftHorse, following it up with yet another case of premium service abuse called Dark Herring earlier this January.
“Subscription trojans can bypass bot detection on websites for paid services, and sometimes they subscribe users to scammers’ own non-existent services,” Golovin said.
“To avoid unwanted subscriptions, avoid installing apps from unofficial sources, which is the most frequent source of malware.”
Even when downloading apps from official app stores, users are advised to read the reviews, check the legitimacy of the developers and the terms of use, and only grant permissions that are essential to perform the intended functions.
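The permission pattern described above, a health monitoring or PDF scanner app asking for text message and notification access, can be checked from an app's decoded manifest before it is installed. The following is an added example, not code from Kaspersky's report; the sample manifest, the `com.example.pdfscanner` package, the `audit_manifest` helper and the set of app functions that justify SMS access are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.SEND_SMS"}
# A service protected by this permission receives the device's notifications.
NOTIF_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
# Assumption for this example: only these stated functions justify SMS access.
SMS_EXPECTED_FOR = {"messaging"}

# Constructed sample: decoded manifest of a hypothetical PDF scanner app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.pdfscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".NotifyService"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""


def audit_manifest(manifest_xml, stated_function):
    """Return a list of findings for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    findings = []
    sms = sorted(requested & SMS_PERMS)
    # SMS access is only a finding when the app's stated purpose does not need it.
    if sms and stated_function not in SMS_EXPECTED_FOR:
        findings.append(f"SMS access unrelated to a {stated_function} app: {', '.join(sms)}")
    listeners = [svc.get(ANDROID + "name") for svc in root.iter("service")
                 if svc.get(ANDROID + "permission") == NOTIF_LISTENER]
    if listeners:
        findings.append(f"notification listener service: {', '.join(listeners)}")
    # The combination the article describes: text messages plus notifications.
    if sms and listeners:
        findings.append("requests both SMS and notification access")
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST, "pdf scanner"):
        print("FLAG:", finding)
```

The input is the text form of `AndroidManifest.xml`, which has to be decoded from the APK's binary XML first. A dormant payload of the kind described above still has to declare these permissions in the manifest it ships with.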