New Delhi: With malwares and spywares constantly on the rise, an old malware Joker seems to have again cropped up on Google, attacking Android smartphone users.


COMMERCIAL BREAK
SCROLL TO CONTINUE READING

Highlighted by Check Point, their researchers recently discovered a new variant of the Joker Dropper and Premium Dialer spyware in Google Play.


“Hiding in seemingly legitimate applications, we found that this updated version of Joker was able to download additional malware to the device, which subscribes the user to premium services without their knowledge or consent,” the research said.


The research said that Joker has been a type of malware for Android that has several time invaded Google’s official application market. This is a result of “small changes to its code, which enables it to get past the Play store’s security and vetting barriers”, it said.


“This time, however, the malicious actor behind Joker adopted an old technique from the conventional PC threat landscape and used it in the mobile app world to avoid detection by Google. To realize the ability of subscribing app users to premium services without their knowledge or consent, the Joker utilized two main components – the Notification Listener service that is part of the original application, and a dynamic dex file loaded from the C&C server to perform the registration of the user to the services,”.


Check Point highlights the following 11 IOC’s


com.imagecompress.android


com.contact.withme.texts


com.hmvoice.friendsms


com.relax.relaxation.androidsms


com.cheery.message.sendsms


com.cheery.message.sendsms


com.peason.lovinglovemessage


com.file.recovefiles


com.LPlocker.lockapps


com.remindme.alram


com.training.memorygame


It may be recalled that the search engine giant Google was recently learned to have struck down 25 apps for phishing on the Facebook login credentials of users.


According to the French cyber-security firm, Evina the new malware steals Facebook logins and could effectively ruin your online and offline life.


“New ways of perpetrating fraud are regularly brought to the attention of our cybersecurity experts and we recently discovered new malware that steals Facebook logins. This malware could effectively ruin your online and offline life by making off with the credentials of one of your most valued pieces of digital real estate. The malware was embedded in a large number of popular apps,” Evina wrote in a blog post.