Cybersecurity researchers have again discovered a series of Android apps that spread the Joker malware. This malware is known to be very dangerous because it can steal data as well as drain the victim's credit.
Joker is malware that has been circulating on the Google Play Store for a long time. Although Google has removed it many times, new applications carrying the malware always reappear to replace the ones that were deleted.
"They usually spread on Google Play, where scammers download genuine apps from stores, add malicious code to them and re-upload apps to stores using different names," Kaspersky researcher Igor Golovin said in the report, as quoted by The Hacker News, Wednesday (11/5/2022).
"Subscribed trojans can bypass bot detection on websites for paid services, and sometimes they register users with fraudulent services themselves that don't actually exist," he continued.
Joker malware can drain the victim's credit or account by registering the victim to a premium SMS service. Not only that, this malware can also be ordered to steal user data such as SMS, contact lists, and device information.
The apps that carry the Joker malware are usually messaging, health, and PDF scanner apps. Once installed, the app asks for permission to access SMS and notifications, and then uses that access to register the victim for a premium service.
The Joker malware also keeps adopting new tricks to evade Google's detection. One of them is activating its malicious payload only after the app has successfully entered the Play Store.
Up to February 2022, Kaspersky detected three applications carrying the Joker malware. Although they have been removed by Google, these three applications are still available through third-party app stores. Here is the list:
Style Message (com.stylelacat.messagearound)
Blood Pressure App (blood.maodig.raise.bloodrate.monitorapp.plus.tracker.tool.health)
Camera PDF Scanner (com.jiao.hdcam.docscanner)
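A triage check for the permission pattern and package names described above, added here as an example and not taken from Kaspersky's report. It assumes the manifest has already been decoded to plain XML (for instance with apktool); the sample manifests and their `com.example.*` package names are constructed.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.SEND_SMS"}
LISTENER_PERM = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
# The three package names listed in this article.
REPORTED = {"com.stylelacat.messagearound", "com.jiao.hdcam.docscanner",
            "blood.maodig.raise.bloodrate.monitorapp.plus.tracker.tool.health"}

def audit_manifest(xml_text):
    """Return findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    sms = sorted(requested & SMS_PERMS)
    # A notification listener is a <service> guarded by LISTENER_PERM.
    listeners = [s.get(NS + "name") for s in root.iter("service")
                 if s.get(NS + "permission") == LISTENER_PERM]
    findings = []
    if package in REPORTED:
        findings.append("package name listed in the report")
    if sms and listeners:
        findings.append("SMS access combined with notification access")
    return {"package": package, "sms": sms, "listeners": listeners,
            "findings": findings}

# Constructed sample manifests (hypothetical apps, not real samples).
A = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SCANNER = f"""<manifest {A} package="com.example.pdfscan">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <service android:name=".Notify" android:permission="{LISTENER_PERM}"/>
  </application>
</manifest>"""
CAMERA_ONLY = f"""<manifest {A} package="com.example.camera">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for manifest in (SCANNER, CAMERA_ONLY):
        print(audit_manifest(manifest))
```

A finding here is a reason to look closer, not a verdict: legitimate messaging apps also request SMS and notification access.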
This isn't the first time a rogue trojan like this has been found on an app store. Last year, an app in the APKPure App and several popular WhatsApp mods were also known to spread the Triada malware.
To avoid scam Android apps like this, make sure to always install apps from official sources and avoid unofficial sources as they are hotbeds of malware.
Even when downloading applications from official stores, users must also check reviews, developer reputation, terms and conditions, and be careful when granting access permissions.