Joker Virus Blog Image

Joker Virus: Latest Threat to Android!!

Joker Virus

The Joker virus has caused a severe threat to the vast digital population of Android users across the world. Google has identified 24 apps in the Google Play Store that are affected by this malware, and as a result, all these apps have been removed from the Play Store. To be on the safer side, the Android users must delete these apps at the earliest.

What is Joker Virus/Malware?

The Android platform has always been vulnerable and facing threats from malware from time and again. The latest addition to threat is the Joker Virus. As its name suggests, the Joker Malware relies on ads for signing up people for premium subscriptions and then steal the user data in the background. This new malware is proven to be dangerous for Android users and has already been downloaded on a large number of Android supporting smartphones. As a preventive method, Google has removed all the affected apps from the Play Store. Unlike the previous malware attacks, Joker-infested applications have been downloaded a large number of times even though Google has been removing these apps from its Play Store.

The Joker virus is proved to possess a high threat to Android users in terms of data privacy of the users. The malware has been secretly able to register people for the premium subscription to the services, steal their SMS data and gather all the crucial device information like serial numbers and IMEI numbers.

List of Affected Apps

Following is the list of apps that are affected by the Joker Malware-

  • Advocate Wallpaper
  • Age Face
  • Altar Message
  • Antivirus Security – Security Scan
  • Beach Camera
  • Board picture editing
  • Certain Wallpaper
  • Climate SMS
  • Collate Face Scanner
  • Cute Camera
  • Dazzle Wallpaper
  • Declare Message
  • Display Camera
  • Great VPN
  • Humour Camera
  • Ignite Clean
  • Leaf Face Scanner
  • Mini Camera
  • Print Plant scan
  • Rapid Face Scanner
  • Reward Clean
  • Ruddy SMS
  • Soby Camera
  • Spark Wallpaper

If an Android user has any of the above-listed apps in their Play Store, then they must immediately uninstall these from their smartphones. Besides removing these from the phones, the users also must compulsorily give a full factory reset on the device to get away with such a malicious content on their device.

How Joker Virus Spreads?

The Joker virus hides in the advertisement framework that is used by the above-listed applications, thereby, delivering an initialization component or Loader to the user’s device.

The Loader is destined to carry out the set of following tasks-

  1. ¬†Checking the country of the user’s device
  2. Communicating with Command and Control server
  3. Decrypting and loading the second stage component that is present in a DEX file-format
  4. Listening to the phone notifications and then sending the required elements of the Core Joker malware component
  • Loader Component

Before attacking the (victim’s) user’s Android device, the Joker virus examines whether the victim is the SIM card from one of the Mobile Country Codes or MCC. Mostly, the infected apps have targeted the Asian and EU countries, though some of them were defined to target the victims worldwide. The Loader is now ready to download the DEX file and uses it for further usage, heading to the core malware functionality.

  • Core Component

The significant part of the Joker Android virus has to have a small amount of code and remain as silent as possible on the infected device. This malware has been developed by professionals who’re looking to and know the means to operate silently without getting noticed. The malware is continuous touch with the C&C server for receiving new tasks and accordingly report results.

The Joker malware’s presence has been observed in 37 countries like Australia, Austria, Belgium, etc. with India being affected the most.

It is quite evident that the main task of the Joker virus is to initiate user’s clicks on the advertisements. As a result of this, it pops up premium offer URLs and injects the JavaScript commands and then wait for the authorization SMS to arrive. As the Android virus has a phone notification checker, it quickly grasps the incoming SMS and thereby extracting the needed confirmation code for purchasing the premium services on behalf of the victim. This malware can also steal the text messages from the victim’s phone along with the entire address book and sending it to the C&C server. Users need to make sure that they are always checking the app permissions and download only the trustworthy apps on their devices to avoid any Android virus infection.

Rishabh Sinha

1 Response

Leave a Reply

Follow by Email