Joker Android Malware Laughs At Google Play Security Again In Premium Billing Scam

The researchers at Check Point Security are warning about a new strain of the Joker Dropper malware that has found its way into the Google Play Store (again). Unfortunately for unsuspecting Android users, Joker is a rather old piece of malware dating back to 2017, which keeps "reinventing" itself to circumvent security protections put in place by Google.

The latest version of Joker is using nefarious means to subscribe its Android victims to premium services, which pads their monthly cell phone bills with additional charges. In this latest iteration, Joker hides its code in the Android manifest file for an app. By going this route, Joker doesn’t need to access a command and control (C&C) server to download its malicious payload.

In order to mask Joker's nefarious deeds, the folks at Check Point say that the malware developers have also adopted techniques previously used on PC platforms. "This new variant now hides the malicious dex file inside the application as Base64 encoded strings, ready to be decoded and loaded," writes Check Point.


The researchers notified Google of their findings, and 11 apps infected with Joker were removed from Google Play as of April 30th, 2020. The infected apps included the following:

  • com.imagecompress.android
  • com.contact.withme.texts
  • com.hmvoice.friendsms
  • com.relax.relaxation.androidsms
  • com.cheery.message.sendsms
  • com.cheery.message.sendsms
  • com.peason.lovinglovemessage
  • com.file.recovefiles
  • com.LPlocker.lockapps
  • com.remindme.alram
  • com.training.memorygame

The primary method of attack for Joker is to install itself through a seemingly legitimate app, and then download additional software that allows it to both read and send SMS texts. With Android's security compromised, it then secretly signs victims up for premium services, which is a frequent type of billing fraud.

"The Joker malware is tricky to detect despite Google's investment in adding Play Store protections. Although Google removed the malicious apps from the Play Store, we can fully expect Joker to adapt again," said Check Point’s Aviran Hazum. "Everyone should take the time to understand what Joker is and how it hurts everyday people.

“We found it hiding in the 'essential information' file every Android application is required to have. Our latest findings indicate that Google Play Store protections are not enough. We were able to detect numerous cases of Joker uploads on a weekly basis to Google Play, all of which were downloaded by unsuspecting users."

If you have installed any of the above apps on your Android device, you should uninstall them immediately. After that, check your cell phone bill for any mysterious charges that may have popped up over the past few months and dispute them with your wireless carrier.