The Joker virus poses a severe threat to the vast population of Android users across the world. Google has identified 24 apps in the Google Play Store that are affected by this malware, and as a result, all these apps have been removed from the Play Store. To be on the safe side, Android users must delete these apps at the earliest.
What is Joker Virus/Malware?
The Android platform has always been vulnerable and has faced threats from malware time and again. The latest addition to these threats is the Joker virus. As its name suggests, the Joker malware relies on ads to sign people up for premium subscriptions and then steals user data in the background. This new malware has proven dangerous for Android users and has already been downloaded onto a large number of Android smartphones. As a preventive measure, Google has removed all the affected apps from the Play Store. Unlike previous malware attacks, Joker-infested applications have been downloaded a large number of times even though Google has been removing these apps from its Play Store.
The Joker virus poses a high threat to the data privacy of Android users. The malware has been able to secretly register people for premium subscriptions to services, steal their SMS data and gather crucial device information such as serial numbers and IMEI numbers.
List of Affected Apps
The following apps are affected by the Joker malware:
- Advocate Wallpaper
- Age Face
- Altar Message
- Antivirus Security – Security Scan
- Beach Camera
- Board picture editing
- Certain Wallpaper
- Climate SMS
- Collate Face Scanner
- Cute Camera
- Dazzle Wallpaper
- Declare Message
- Display Camera
- Great VPN
- Humour Camera
- Ignite Clean
- Leaf Face Scanner
- Mini Camera
- Print Plant scan
- Rapid Face Scanner
- Reward Clean
- Ruddy SMS
- Soby Camera
- Spark Wallpaper
If an Android user has any of the above-listed apps installed from the Play Store, they must immediately uninstall them from their smartphone. Besides removing the apps, users must also perform a full factory reset to rid the device of such malicious content.
How Does the Joker Virus Spread?
The Joker virus hides itself in the advertisement framework used by the above-listed applications, thereby delivering an initialization component, or Loader, to the user’s device.
The Loader is designed to carry out the following tasks:
- Checking the country of the user’s device
- Communicating with Command and Control server
- Decrypting and loading the second stage component that is present in a DEX file-format
- Listening to the phone notifications and then sending the required elements of the Core Joker malware component
1. Loader Component
Before attacking the victim’s Android device, the Joker virus checks whether the victim’s SIM card is from one of the targeted Mobile Country Codes (MCC). Mostly, the infected apps have targeted Asian and EU countries, though some of them were defined to target victims worldwide. The Loader is then ready to download the DEX file and use it going forward, leading to the core malware functionality.
2. Core Component
The significant part of the Joker Android virus has to contain only a small amount of code and remain as silent as possible on the infected device. This malware has been developed by professionals who want to, and know how to, operate silently without getting noticed. The malware is in continuous touch with the C&C server to receive new tasks and report results accordingly.
The Joker malware’s presence has been observed in 37 countries, including Australia, Austria and Belgium, with India being affected the most.
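The Loader and data-theft behaviours described above can be turned into a simple static triage check for an app under review. The following is an added example, not code from the article or from any vendor; the mapping of each behaviour to an Android permission or API marker, the function name `triage` and the threshold of three are assumptions, and the sample manifest is constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Behaviour described in the article -> how it commonly shows up statically.
# This mapping is an assumption for illustration, not a Joker signature.
MANIFEST_PERMS = {
    "reads_sms": "android.permission.READ_SMS",
    "reads_device_ids": "android.permission.READ_PHONE_STATE",
}
API_MARKERS = {
    "checks_sim_country": ("TelephonyManager;->getSimOperator",
                           "TelephonyManager;->getSimCountryIso"),
    "loads_dex_at_runtime": ("Ldalvik/system/DexClassLoader;",),
}
LISTENER_PERM = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"


def triage(manifest_xml, api_refs, threshold=3):
    """Return (sorted matched behaviours, flagged?) for one app."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    hits = {name for name, perm in MANIFEST_PERMS.items() if perm in perms}
    # A notification listener is a <service> guarded by the bind permission.
    if any(s.get(ANDROID_NS + "permission") == LISTENER_PERM
           for s in root.iter("service")):
        hits.add("listens_to_notifications")
    # API references come from a decompiler's output (smali-style names).
    for name, markers in API_MARKERS.items():
        if any(m in ref for ref in api_refs for m in markers):
            hits.add(name)
    return sorted(hits), len(hits) >= threshold


# Constructed sample: a "wallpaper" app whose manifest and API references
# do not fit its stated purpose. Not taken from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <service android:name=".Sync" android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
SAMPLE_API_REFS = [
    "Landroid/telephony/TelephonyManager;->getSimOperator()Ljava/lang/String;",
    "Ldalvik/system/DexClassLoader;-><init>",
]

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_API_REFS))
```

A flagged result is a prompt for manual review, not a verdict: legitimate apps can match several of these markers, and obfuscated code can hide them.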