Late last year we saw the Joker malware surface and spread like wildfire. In their latest report, Check Point’s researchers say they have discovered a new variant of the Joker Dropper and Premium Dialer spyware in the Google Play Store, hidden inside seemingly legitimate applications. This updated Joker malware can download additional malware to the device, which in turn subscribes the victim to a number of premium services without their consent.
Meanwhile, Google has removed 11 apps infected with the notorious Joker malware from the Play Store. The applications include com.imagecompress.android, com.relax.relaxation.androidsms, com.cheery.message.sendsms (two different instances), com.peason.lovinglovemessage, com.contact.withme.texts, com.hmvoice.friendsms, com.file.recovefiles, com.LPlocker.lockapps, com.remindme.alram and com.training.memorygame.
Joker malware: Everything you need to know
The researchers have said that, with small changes to its code, the Joker malware was able to get past the Play Store’s security and vetting barriers. This time around, the Joker malware has adopted an old technique from the conventional PC threat landscape to avoid detection by Google. The newly modified Joker virus uses two main components to subscribe app users to premium services: the Notification Listener service and a dynamic dex file loaded from the C&C server.
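A static triage check for the two components named above, as an added example that is not taken from Check Point's report or from this article. It assumes the APK has already been decoded to a text AndroidManifest.xml and smali (for example with apktool); the function name `triage`, the sample manifest, its package name and the smali line are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
LISTENER_PERM = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
LISTENER_ACTION = "android.service.notification.NotificationListenerService"
# Package names of the removed apps as listed in the article (10 unique names:
# com.cheery.message.sendsms appeared as two instances).
REMOVED_PACKAGES = {
    "com.imagecompress.android", "com.relax.relaxation.androidsms",
    "com.cheery.message.sendsms", "com.peason.lovinglovemessage",
    "com.contact.withme.texts", "com.hmvoice.friendsms",
    "com.file.recovefiles", "com.LPlocker.lockapps",
    "com.remindme.alram", "com.training.memorygame",
}
# Smali descriptors of the Android class loaders that load dex code at run time.
DEX_LOADERS = ("Ldalvik/system/DexClassLoader;",
               "Ldalvik/system/InMemoryDexClassLoader;")

def triage(manifest_xml, smali_text=""):
    """Report which of the two components a decoded APK declares or references."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    listeners = []
    for svc in root.iter("service"):
        actions = {a.get(ANDROID_NS + "name") for a in svc.iter("action")}
        # A notification listener is bound via this permission and intent action.
        if svc.get(ANDROID_NS + "permission") == LISTENER_PERM or LISTENER_ACTION in actions:
            listeners.append(svc.get(ANDROID_NS + "name"))
    loaders = [d for d in DEX_LOADERS if d in smali_text]
    return {"package": package,
            "known_removed": package in REMOVED_PACKAGES,
            "notification_listeners": listeners,
            "dex_loaders": loaders,
            "both_components": bool(listeners) and bool(loaders)}

# Constructed sample input (not taken from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed"><application>
  <service android:name=".NotifySvc"
           android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
    <intent-filter>
      <action android:name="android.service.notification.NotificationListenerService"/>
    </intent-filter>
  </service>
  <service android:name=".SyncSvc"/>
</application></manifest>"""
SAMPLE_SMALI = "new-instance v0, Ldalvik/system/DexClassLoader;"

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_SMALI))
```

Notification listeners and run-time dex loading both occur in legitimate apps, so a hit on both is a reason for closer analysis, not a verdict.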