The Joker malware is back once again, putting Android devices at risk after making its way back onto the Google Play Store. Security researchers have pinpointed eight Play Store apps that had the nefarious malware loaded onto them. The dangerous malware, which is capable of stealing sensitive information from Android devices, was hidden away on apps downloaded thousands of times.
The latest batch of Android apps infected with the Joker malware were discovered by researchers at Quick Heal Security Labs. The Indian cybersecurity firm reported the compromised apps to Google, who have now taken the infected programmes off the Google Play Store.
However, if you’re among the thousands of people who download these Android apps before they were delisted you’ll need to act quickly to remove them from your device. Here is a list of the eight offending apps: Auxiliary Message, Fast Magic SMS, Free CamScanner, Super Message, Element Scanner, Go Messages, Travel Wallpapers, Super SMS.
The Joker malware has in recent years become one of the most common Android malware threats. The nasty malware family is able to secretly sign Android users up to paid-for subscription services, which if undetected can leave victims seriously out of pocket.
To add insult to injury the Joker malware is also able to steal sensitive information such as SMS messages, contact information as well as details about a victim’s device.
In a blog post online outlining their findings, Quick Heal Security Labs looked at one of the recently discovered apps that spreads the Joker malware.
The Play Store app, known as Element Scanner, when first booted up asks for a number of permissions. It asks for Notification access, which may seem like an innocuous request.
However, this is used to take SMS data from notifications. The app also asks for Contacts access and the ability to make and manage phone call permission.
These permissions don’t seem necessary for a simple document scanning app, and should be red flags to Android users. Afterwards, the document scanner works without showing any visible malicious activity to the user.
However, in the background two payloads are downloaded – the first payload is found in the original app located on the Play Store. This then leads to a second payload being installed, which is the notorious Joker malware.
A final payload is then downloaded for collecting received SMS data. Advising Android users on how to stay safe, Quick Heal Security Labs said: “Malware authors spread these malware applications on the Google Play Store in scanner applications, wallpaper applications, message applications. These types of applications can quickly become a target. Users should try to avoid such applications and use such kinds of applications only from trusted developers.”
They also offered some simple advice on how to stay clear of any other malware threats. This includes…
• Download applications only from trusted sources like Google Play Store
• Learn how to identify fake applications in Google Play Store
• Do not click on alien links received through messages or any other social media platforms
• Turn off installation from the unknown source option
• Read the pop-up messages you get from the Android system before accepting/allowing any new permissions
Published at Tue, 22 Jun 2021 16:08:00 +0000