Joker: The Android Trojan

Ravi Shankar Singh
Mobcoder LLC
Sep 7, 2019

Google has always been concerned about security and has always tried to provide secure services. Researchers have discovered new malware, a Trojan named “Joker”. This Trojan is spyware, and it has been found in 24 different applications on the Google Play Store, with roughly 472,000 or more downloads in total.

“This Joker Trojan employs notably stealthy tactics to perform quite malicious activities on Google Play Store while hiding within the advertisement frameworks and not exposing too much of its malicious code out in the open,” said researcher Aleksejs Kuprins in his reports.

This Trojan is designed to download a second-stage component such as a DEX (Dalvik Executable Format) file. You can learn more about DEX files from the link given below.

A DEX file is a code file for the Android operating system. The downloaded DEX file enables the malware and adds other capabilities, making it more dangerous. It steals sensitive data such as contact lists, text messages, and other device information.

Joker is also involved in signing users up for premium subscriptions. The malware uses an SMS collection module, and with access to text messages, the Trojan extracts codes from authorization messages to subscribe users to premium services. The stolen data is encrypted and then sent to a remote server.

The Trojan targets only Android users from very specific countries, which it selects using a list of country codes. These countries include India, China, Germany, the US, the UK, France, and Australia.

After the apps are installed, a splash screen displaying the app logo is shown while various malicious processes run in the background. When activating the spyware, the malware starts by checking the country code of the SIM card. If the user is from a targeted country, the malware starts the second-stage components.
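For app reviewers, the behaviours described above (SIM country check, second-stage code loading, SMS and contact access) can be looked for together during static triage. The sketch below is an added example, not code from the original article or the researcher's report: the permission and API names are real Android identifiers, but treating them as markers of these behaviours, the ranking rule, and the sample app summaries are assumptions constructed for illustration.

```python
"""Static triage for the behaviour chain the article describes (added example)."""

# Real Android permission and API names. Treating them as markers of the
# article's behaviours is this example's assumption, not a Joker signature.
PERMS = {
    "sms_access": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contact_access": {"android.permission.READ_CONTACTS"},
    "network": {"android.permission.INTERNET"},
}
APIS = {  # smali-style method reference prefixes
    "sim_country_gate": ("Landroid/telephony/TelephonyManager;->getSimCountryIso",),
    "second_stage_load": ("Ldalvik/system/DexClassLoader;-><init>",
                          "Ldalvik/system/InMemoryDexClassLoader;-><init>"),
}

def behaviours(app):
    """Return the behaviour labels present in an app summary."""
    found = {name for name, perms in PERMS.items() if perms & set(app["permissions"])}
    for name, prefixes in APIS.items():
        if any(ref.startswith(prefixes) for ref in app["api_refs"]):
            found.add(name)
    return found

def triage(app):
    """'high' = full chain present, 'medium' = code loader plus data access."""
    found = behaviours(app)
    if {"sim_country_gate", "second_stage_load", "sms_access", "network"} <= found:
        return "high", found
    if "second_stage_load" in found and found & {"sms_access", "contact_access"}:
        return "medium", found
    return "low", found

P = "android.permission."
# Constructed app summaries (hypothetical packages, not real apps).
SAMPLES = [
    {"package": "com.example.wallpaper",
     "permissions": [P + "INTERNET", P + "READ_SMS", P + "READ_CONTACTS"],
     "api_refs": ["Landroid/telephony/TelephonyManager;->getSimCountryIso()Ljava/lang/String;",
                  "Ldalvik/system/DexClassLoader;-><init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V"]},
    {"package": "com.example.messenger",
     "permissions": [P + "INTERNET", P + "READ_SMS", P + "RECEIVE_SMS", P + "READ_CONTACTS"],
     "api_refs": ["Landroid/telephony/TelephonyManager;->getSimCountryIso()Ljava/lang/String;"]},
    {"package": "com.example.game",
     "permissions": [P + "INTERNET", P + "READ_CONTACTS"],
     "api_refs": ["Ldalvik/system/InMemoryDexClassLoader;-><init>(Ljava/nio/ByteBuffer;Ljava/lang/ClassLoader;)V"]},
]

if __name__ == "__main__":
    for app in SAMPLES:
        print(app["package"], *triage(app))
```

A "high" result is a prompt for manual review rather than a verdict, and a "low" result does not clear an app, since code that is only fetched at runtime as a second stage leaves no references in the installed package.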

With the increase in malware and spyware incidents, Android users are facing serious safety and security challenges. The real question is whether Google is going to do something about it or whether users will have to find their own way to stay clear of this malware.

I suggest not downloading any unnecessary applications from the Play Store until Google finds a way to get rid of this new, active Trojan.