Silently, Unobtrusively — Are Your Bank Accounts Becoming a Victim to The Joker Virus?

Beware of the apps you install: the Joker virus is back, and it could secretly meddle with your bank numbers via those apps.

Safoora Maqbool
Geek Culture
Aug 30, 2021


Photo by Lee Jiyong on Unsplash

A virus that became the talk of the town back in 2017 for secretly meddling with people’s bank numbers, invisibly setting itself into action via certain Google Play apps, is back. That’s right, people! It’s none other than the Joker Virus.

And if you’re someone who hasn’t heard about it, chances are you might be at risk of being plundered, especially if you are using those specific apps (disclosed in this article) from the Google Play Store.

Back in 2017, Google took down over 1,700 infected apps from the Play Store, yet the virus has found its way back, creeping slowly into new apps this time.

Also, one year back, in September 2020, the same virus is known to have affected more than 24 Google Play Android applications, which gained a total of upward of 500,000 downloads before being removed by Google.

According to the Belgian authorities, the virus has appeared in almost 8 apps this year. Chances are there might well be other infected apps, but so far these are the ones disclosed by the Belgian police. So, you need to be careful about which apps you install on your Android devices.

Image by Author, Data Source and Screenshots of Apps from Play Store

Although these apps are no longer available for download, as the Play Store has already taken them down, anyone who still has any of them installed on an Android device has bank accounts and credit cards at risk of being plundered by the Joker virus.

So, how exactly does this virus impose a situation of threat for your bank accounts or credit cards?

Otherwise known as the Bread malware, the Joker Virus has its roots in the Trojan malware family and, like any other member of the family, comes camouflaged as legitimate software (the Android apps in this case).

Operated by cybercriminals, thieves, and of course hackers, the Joker Virus is capable of gaining access to users’ systems (in this case, bank account details, and carrying out transactions the users never consented to).

By gaining access to your bank account credentials, the virus creeps in with the intent of tampering with your cellphone’s billing options, performing unconsented operations like enrolling you in monthly or other periodic subscriptions, or paying for online purchases you know nothing about. Consequently, it gradually nibbles away at your bank or credit card balance unless you catch it early.

What type of Apps does the virus intrude upon?

Cybersecurity analysts have detected the Joker Virus intruding upon the victim's Android SMS messaging apps and gaining access to device info and the contacts list. This happens the very moment a user unknowingly installs the infected app and the app asks for certain permissions, like access to SMS, contacts, and device info.

Since we are all curious to explore the features of newly installed apps, we are used to tapping that “Allow” button without even reading and analyzing the text in those permission prompts. That’s our weakness and an open pathway for the Joker virus.

Once it creeps through, it implicitly interacts with advertising websites and silently subscribes to plans without the consent of users, making them pay for premium services they know nothing about.

If you’ve noticed, most of the infected apps in the listicle image above are texting apps (Auxiliary Message, Fast Magic SMS, Go Messages, Super Message, and Super SMS). There’s a good reason behind it, one that of course works to the advantage of the virus’ success.

Initially, the hackers behind the Joker virus used an SMS fraud technique to make online payments. Later, when Google updated its policies and imposed stricter rules on apps that require SMS permissions on a device, the hackers shifted to the WAP (Wireless Application Protocol) fraud technique on victims' mobile phones. Either way, the hackers place malware between your Android phone's telephone operator and vendors to authorize online payment services via mobile billing.

Both the SMS fraud and WAP fraud techniques require approval from a device and do not require consent, or any interaction, at the user end (which is why they specifically require device info from you at installation). Needing no user interaction allows them to secretly manage automated payments from users’ banks or credit cards, resulting in a gradually draining balance. Referring to the unknown charges the victims saw in their transaction history, the Belgian Police acknowledged,

You risk a big surprise at the end of the month in your bank account or on your credit cards.

What’s worse about the Virus?

First off, the virus can subscribe a user to the most expensive or the pro/premium services without their authorization.

Last but not least, banks do not trigger an alert for what appears, at their monitoring end, to be a regular subscription fee. Regarding it as a normal subscription fee, the system never flags an ‘unusual movement’ for activity that appears normal. So, no usage alert is sent to the user and the virus continues with the looting in the background.

How to get rid of the Joker Malware if your device gets infected?

Since the virus attacks by initiating shady subscriptions via the infected apps listed, it is recommended that Android users remove these apps from their devices at the earliest. Note also that just because the Play Store has taken the infected apps down, it does not guarantee that those apps will stop working on Android phones or get uninstalled automatically from your device. You’ll have to uninstall them manually.

Before you uninstall them, it is best to clear the cache and data registry of the corresponding app from your App settings. That’s because apps often create ‘save files’ or backup files on your device which store your login credentials and other personal information. You might have noticed that if you reinstall an app from the Play Store after some time, it resumes from the point where you left off.

When you don't clear those saved files before uninstallation by clearing your cache and data, the app automatically gets access to them at reinstallation and so resumes from the point where you left off.

So, you need to first clear the cache and data registry of the corresponding app from app settings before you uninstall it from your Android. That way you can also stop the virus from creeping into or infecting other apps on your device. Here’s how you can clear the cache and data registry of an app on your device.

  1. On your Android, open Settings
  2. Tap on Apps (or App Manager on some Android devices)
  3. Locate the App you want to clear cache and data registry for and tap it to access the App Info window
  4. Once the App Info window opens, under the storage tab, tap on clear cache
  5. Then tap on clear data

Once you are done with the steps you are good to go with the app uninstallation. After proper uninstallation, your device will be free of viruses.

How you can protect your device from the Joker Virus and remain on the Safe Side?

With an increase in the number of cybercrime cases via Android Apps, it is recommended not to download apps from third-party sources. For instance, most of us often download an application’s apk (Android Package) from our browsers for app installation on our device probably because we need the app and the Google Play Store either says that an app is not available for use in our country of stay, or maybe for any other reasons that make the app inaccessible to us.

That’s what is referred to as downloading from a third-party source, and even though most of them are safe and scanned by anti-virus software, they can still carry payload snippets (not detectable by the anti-virus software) in their extraction folders, which get extracted on the first execution of the APK package and start virus infection activities in the background.

Similarly, apps that get downloaded upon a click on an advertisement also carry a threat of viruses as these too have a third-party source.

Also, check the download counts of applications on the Google Play Store and read user reviews about them. This can give you some sense of the authenticity or unreliability of the app you are going to install on your device. Do remember, however, that an immense download count, as it might appear on the Play Store, would not necessarily guarantee an app to be ‘virus free’. That's because many apps remain undetected and are downloaded thousands, even millions, of times before they are found to be infected.

Similarly, ratings and reviews of apps on the Play Store might be subjected to counterfeiting, that is they might be fake. What you need to analyze and pay attention to are the negative reviews about the apps from users.

Pay close attention to those permission request prompts from your Android System before you tap on that ‘allow’ button.
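To review what has already been allowed on a device, the following added example (not part of the original article) parses the output of `adb shell dumpsys package` and lists apps that hold granted permissions in the groups named above: SMS, contacts and device info. The sample text, the package names and the `min_groups` threshold are constructed for illustration.

```python
import re
# Permission groups the article names, without the "android.permission." prefix.
RISKY = {
    "sms": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "contacts": {"READ_CONTACTS"},
    "device_info": {"READ_PHONE_STATE"},
}
PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
GRANT_RE = re.compile(r"^\s*android\.permission\.(\w+): granted=true")
INSTALLER_RE = re.compile(r"^\s*installerPackageName=(\S+)")

# Constructed, simplified excerpt in the layout of `adb shell dumpsys package`.
SAMPLE = """\
  Package [com.example.msgapp] (1a2b3c):
    installerPackageName=null
    runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ USER_SET]
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET]
      android.permission.READ_PHONE_STATE: granted=true, flags=[ USER_SET]
  Package [com.example.notes] (4d5e6f):
    installerPackageName=com.android.vending
    runtime permissions:
      android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET]
"""

def parse_granted(text):
    """Map package -> granted permission names and installer (None if unknown)."""
    apps, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            current = None  # new top-level section such as "Shared users:"
        m = PKG_RE.match(line)
        if m:
            current = apps.setdefault(m.group(1), {"granted": set(), "installer": None})
        elif current is not None:
            g, i = GRANT_RE.match(line), INSTALLER_RE.match(line)
            if g:
                current["granted"].add(g.group(1))
            elif i and i.group(1) != "null":
                current["installer"] = i.group(1)
    return apps

def flag_apps(text, min_groups=2):
    """Apps holding granted permissions in at least min_groups risky groups."""
    findings = []
    for pkg, info in sorted(parse_granted(text).items()):
        hit = sorted(g for g, p in RISKY.items() if p & info["granted"])
        if len(hit) >= min_groups:
            findings.append((pkg, hit, info["installer"]))
    return findings
```

A flagged app is a candidate for review, not proof of infection, since a legitimate messaging app holds the same permissions. An installer of `None` means no installing store was recorded for the package.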

Should you receive a follow-up link via a text message (from social media or any other platforms) from an unknown source/contact, disregard it totally. Your mere tapping on it alone might be enough to give unconsented access to downloading third-party apps that can carry viruses.

So, be careful of the apps you install on your device. Keep your bank accounts and credit cards safe from cybercrimes to avoid the risk of getting a big surprise at the end of the month!
