-->

What is Joker Malware? How to avoid it

Joker malware is another threat to your privacy and sensitive information. Recently the malware has attacked Android mobile devices worldwide, leading to the removal of several apps from the Google Play Store.

This malware is by no means a joke. If you want to keep your device safe, you should know what Joker malware is, and how it works.


What is Joker Malware

This malware is called “Joker” for a reason, it hides behind an app that appears to be genuine and preys on users who don't know it. You might also see the Joker malware called Bread, both of which are the same.

Google first discovered this threat in 2017, and it is still an ongoing problem. The hackers behind the Joker malware threat are constantly finding ways to manipulate Google Play Store security vulnerabilities, so that disguised malware goes undetected.

Joker writers have several methods to make their infected apps bypass the security protocols in the Play Store. In fact, they create a malware-free version of the app, upload it to the Google Play Store, and then install the malware on your device by calling it an “app update”.

When you install an app infected with the Joker malware, it signs up for a paid subscription without your permission. To make matters worse, this malware can also contact your contacts, SMS messages, and your device information. It's hard to get your money back after being a victim of a scam. this, so it's important to prevent infection even before it occurs.


How Does Joker Malware Work?

Apps infected with the Joker malware don't overtly ask for your personal information. The malware is much more sneaky than that, making it harder to spot once you've been a victim.

The first type of Joker malware relies on SMS scams. By sending SMS messages to premium numbers from your cell phone, this malware will register you for a subscription or make payments without your knowledge. Because these premium services and subscription plans often partner with cellular operators, you usually will see these unwanted charges on your mobile bill.

In early 2019, Google tightened restrictions on apps that ask to access your Call or SMS Logs. Thanks to this policy change, many Joker-infected apps were arrested, and then removed from the Play Store. The Google Play Protect implementation also helps keep Android devices safe.

Despite Google's efforts, Joker malware remains. Research by Check Point has discovered a new type of Joker malware that is just as sneaky as the last one. Instead of engaging in SMS scams, it now uses an old trick usually found in Windows malware.

Once on your device, the Joker malware downloads an executable DEX file from a command-and-control server. This code is used to secretly register you for a premium subscription. It then proceeds to prevent subscription confirmation notifications from appearing on your phone.

To do this, the Joker malware makes use of the Notification Listener, an Android feature that gives apps access to your device's notifications. The malware hijacks the Notification Listener, allowing it to interfere with your push notifications.

The latest version of the Joker malware successfully bypasses Google's security using this clever technique. According to Check Point, “the new version now hides malicious DEX files within the app as Base64 encoded strings, ready to be decoded and loaded.”

This means that when the app is placed in the Play Store, there will be no signs of malware. But when the user actually downloads the app, the malware will automatically run.


How To Protect From Joker Malware

Google recently removed 11 apps from the Play Store that contained the Joker malware. If you have any of the following apps, uninstall them immediately:

  * Compress Image (com.imagecompress.android)

  * Contact Message (com.contact.withme.texts)

  * Friends SMS (com.hmvoice.friendsms)

  * Relaxation Message (com.relax.relaxation.androidsms)

  * Cheery Message – listed two times (com.cheery.message.sendsms)

  * Loving Message (com.peason.lovinglovemessage)

  * File Recovery (com.file.recovefiles)

  * App Locker (com.LPlocker.lockapps)

  * Remind Alarm (com.remindme.alram)

* Memory Game (com.training.memorygame)


While most of these malicious apps function as alternative messaging apps, others include image compressors, alarm reminders, wallpaper apps, and more. If any of these apps sound familiar to you, check your phone and credit card bills. transactions or subscriptions that look sketchy can be a sign that your smartphone is infected with Joker malware.


Since an application infected with Joker looks legitimate from the outside, you have to take extra precautions when downloading the application. The photo above is an example of an application infected with the Joker malware, it looks quite legitimate, doesn't it? That's why you have to be careful when downloading an application.

You should also keep in mind that many apps infected with Joker malware have fake user reviews on the Play Store. These positive reviews build trust and also persuade you to download the app.

Luckily, it's pretty easy to spot fake reviews once you know what to look for. If you see duplicate reviews under an app, they're likely fake. The same goes for generic reviews that don't name the app.

Apart from knowing how to identify unsafe apps on the Play Store, you can also protect yourself by installing a reliable security app on your device. You might not think you need an antivirus app on your Android, but it can definitely come in handy when trying to protect against the Joker malware. or other malware.


What is the future of Joker Malware?

Even though Google managed to log over 1,700 apps infected with Joker malware in January 2020, and then removed the 11 apps listed above, that doesn't mean we're completely safe. Joker malware is still out there, and will likely stay there for a while. time. It continues to adapt to Play Store security policies, which means it will continue to evolve over time.

Does this mean that some apps in the Play Store are currently hiding the Joker malware? Unfortunately, some apps may have passed the security protocol correctly. So here you just need to be careful when downloading an app.

Hopefully, this article about What is Joker Malware? How to avoid it, gives you a little insight. Also, read an article about What Is Low-Code And How Does It Work? that you may need to know. Thank you.

Related Posts