Joker Spyware

The malware “Joker” is spyware that gives malicious agents access to the victims’ SMS and contact list and other device information. Apps linked to it on the Google Play Store have been downloaded over 470,000 times, possibly affecting hundreds of thousands of Android devices with malware.

The Joker was capable of stealing SMS messages, contact information and other sensitive data from infected devices. The spyware also signed victims up to premium subscriptions without their knowledge. The researcher who found the malware said it “stands out as a small and a silent one. It is using as little Java code as possible and thus generates as little footprint as possible.”

According to Kuprins, malware only attacks targeted countries. Unfortunately, India finds a place in the list of 37 countries that have been attacked by this spyware. Majority of the infected apps contain a list of Mobile Country Codes (MCC) and the victim is one who is using SIM card from one of these countries in order to receive the second-stage payload. “The majority of the discovered apps target the EU and Asian countries, however, some apps allow for any country to join. Furthermore, most of the discovered apps have an additional check, which will make sure that the payload won’t execute when running within the US or Canada,” Kuprins said, in a blog post.

Google also recently removed the popular CamScanner app from its app store. The app was harboring a malicious module called Trojan-Dropper.AndroidOS.Necro.n and bombarding users with ads. Although there were no data leaks, users were still incredibly annoyed by the module.

For more Cyber Security Information contact us at help@theweborion.com.

 

 

Leave a Comment

Your email address will not be published. Required fields are marked *

5 × 5 =