The Joker malware once again bypasses Google's security and spreads widely on the Play Store

The Joker malware has been around since 2017, but Google has so far struggled to detect and stop it.

Security researchers at Check Point have just discovered that the Joker malware is spreading on Android devices. Joker often lurks in legitimate applications and then silently signs the user up for high-cost services without their knowledge.

Joker has been removed from the Play Store several times, but it soon finds a way to return. This time, it hides the malicious DEX executable code inside the application as a Base64-encoded string. Once the application is on the victim's device, the string is decoded and the resulting code is launched.
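
A static check for the hiding technique described above, as an added example that is not from Check Point or the original article: it reads every entry of an APK and reports long Base64 runs that decode to a DEX header. The function names, the 64-character threshold and the sample archive are assumptions constructed for illustration.

```python
import base64
import io
import re
import zipfile

# A DEX file starts with "dex\n", a three-digit version and a NUL byte.
DEX_MAGIC = re.compile(rb"dex\n\d{3}\x00")
# Assumption: only Base64 runs of 64+ characters are worth decoding.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")

def decode_run(run):
    """Decode a Base64 run, tolerating missing padding."""
    body = run.rstrip(b"=")
    if len(body) % 4 == 1:  # a lone trailing character carries no data
        body = body[:-1]
    return base64.b64decode(body + b"=" * (-len(body) % 4))

def find_embedded_dex(blob):
    """Return decoded sizes of Base64 runs in blob that decode to a DEX header."""
    sizes = set()
    # Binary XML may store strings as UTF-16LE, so also scan with NULs removed.
    for view in {blob, blob.replace(b"\x00", b"")}:
        for match in B64_RUN.finditer(view):
            decoded = decode_run(match.group())
            if DEX_MAGIC.match(decoded):
                sizes.add(len(decoded))
    return sorted(sizes)

def scan_apk(apk):
    """Map APK entry names (apk: path or file object) to embedded DEX sizes."""
    findings = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            sizes = find_embedded_dex(zf.read(name))
            if sizes:
                findings[name] = sizes
    return findings

def build_sample_apk():
    """Constructed sample: a ZIP holding a Base64-encoded fake DEX header."""
    encoded = base64.b64encode(b"dex\n035\x00" + bytes(104))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b'<meta-data value="' + encoded + b'"/>')
        zf.writestr("res/raw/notes.txt", b"A" * 80)  # Base64-looking, not DEX
        zf.writestr("assets/cfg.bin", encoded.decode().encode("utf-16-le"))
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    print(scan_apk(build_sample_apk()))
```

A hit only means a DEX header is stored in encoded form inside the package; the decoded payload still has to be analysed to decide whether it is malicious.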

[Image: The Joker malware has been around since 2017 and is very sophisticated]

After receiving a warning from Check Point, Google removed 11 applications containing Joker malware from the Play Store on April 30, 2020.

"It is difficult to detect the Joker malware even though Google has invested heavily in Play Store protection measures," said Check Point expert Aviran Hazum, who discovered Joker's new intrusion methods. "Although Google has removed applications containing Joker from the Play Store, we think this malicious code will be able to return in the future."

First discovered in 2017, Joker is a well-known and common Android malware. In addition to scamming users and signing them up for expensive services, Joker can also steal information such as SMS messages, contacts and device information.

Last year, Joker-related campaigns reached a peak when a number of security firms such as CSIS Security Group, Trend Micro, Dr.Web and Kaspersky discovered a series of malicious applications. In addition, Joker is constantly finding unique ways to exploit weaknesses in the Play Store's security testing method.

To hide the true nature of their applications, the people behind Joker have used a variety of methods, including chain security to avoid detection tools and buying fake reviews to attract users to download the application. The most sophisticated technique is versioning: publishing a clean, quality application on the Play Store to attract users, then silently updating it with malware.

Below is a list of applications infected with the new Joker malware. The application name is in the second column, after the "com." prefix.

[Image: List of applications infected with the new version of the Joker malware]

You should check whether your device has any of these applications installed. If so, remove them immediately and check your transaction history for any suspicious payments.

Update 13 July 2020