Joker Malware: The Virus that Took Over Android

Tyler B.
Online.io Blockchain Technologies
Sep 20, 2019

The Joker is back in everyone’s mind thanks to his upcoming movie, but it seems that Gotham’s most famous clown took a new form. While Joaquin Phoenix is gathering all the attention for his performance, some hackers decided to create a Joker of their own.

Joker Malware is a new virus that was found in 24 apps from the Google Play Store. This sneaky malware extracted money and data from Android users by subscribing them to paid services without their knowledge. By now, Google has deleted every malicious app that contained the Joker, but not before some damage was already done.

Batman won’t save us this time, so let’s take a closer look at this case to understand how it happened and find a solution. In case you weren’t infected, this is still an important cautionary tale to keep in mind.

The Joker’s Modus Operandi

Every malware has a specific modus operandi, just like any criminal would, and the Joker is no exception. This malware was hidden inside of 24 different apps which didn’t seem to correlate with each other. Once users downloaded any of them, their phone got infected with the Joker malware, which would start causing harm right away. Here’s the full list of infected apps which have already been removed from Google Play.

If you still have any of these installed on your phone, you should delete them immediately.

I’ve added links to each one so you can check if they match any of your Android apps.

Once the Joker infected a device, it began to steal money from a user’s account by signing them up for paid subscriptions. How is this possible? The malware simulated interactions with advertising websites in order to steal the user’s SMS messages, contact lists and other data from the device. With this information, the Joker was able to automatically sign up users and confirm their identity via SMS messages.

“This strategy works by automating the necessary interaction with the premium offer’s webpage, entering the operator’s offer code, then waiting for an SMS message with a confirmation code and extracting it using regular expressions. Finally, the Joker submits the extracted code to the offer’s webpage, in order to authorize the premium subscription.” (Aleksejs Kuprins, CSIS)

The entire cybercrime happened behind the user’s back and it wouldn’t be noticeable unless they checked their credit card statements regularly. Joker kept a low profile by stealing small amounts of money at a time and using minimal Java code. That way it avoided any unwanted attention, which meant that some users would only realize when it was too late.
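
A defensive check for the behaviour described above, as an added example that is not from the original article or from CSIS: it reads a decoded AndroidManifest.xml and flags apps that combine SMS or contact-list access with network access. Treating that permission combination as a warning sign, along with the sample manifests and package names, is an assumption made for this illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_ACCESS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
CONTACTS = "android.permission.READ_CONTACTS"
NETWORK = "android.permission.INTERNET"


def audit(manifest_xml):
    """Return (package, findings) for one decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    findings = []
    sms = sorted(perms & SMS_ACCESS)
    # SMS access plus network access is what lets an app read a
    # confirmation code and send it elsewhere without the user seeing it.
    if sms and NETWORK in perms:
        findings.append("SMS access with network: " + ", ".join(sms))
    if CONTACTS in perms and NETWORK in perms:
        findings.append("contact list access with network")
    return root.get("package"), findings


# Constructed sample manifests (hypothetical package names).
WALLPAPER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

NOTES = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for manifest in (WALLPAPER, NOTES):
        package, findings = audit(manifest)
        print(package, "->", findings or "nothing flagged")
```

A finding is a prompt for review, not proof of malice: messaging and backup apps legitimately request the same permissions, so the signal matters most when the app's stated purpose gives it no reason to read SMS or contacts.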

What’s the Solution?

If you were among the victims who were affected by the Joker malware, the first step would be to delete the infected apps. You should also check your bank account and credit card at the end of the month and look for any transactions that took place without your consent.

Joker was only able to affect devices that contained a SIM card from a list of 37 countries that were coded into the malicious apps. The cybersecurity company CSIS identified those countries as Australia, Austria, Belgium, Brazil, China, Cyprus, Egypt, France, Germany, Ghana, Greece, Honduras, India, Indonesia, Ireland, Italy, Kuwait, Malaysia, Myanmar, Netherlands, Norway, Poland, Portugal, Qatar, Republic of Argentina, Serbia, Singapore, Slovenia, Spain, Sweden, Switzerland, Thailand, Turkey, Ukraine, United Arab Emirates, United Kingdom and the U.S.

The best solution for the future is to equip your desktop and mobile devices with anti-malware software. It sounds like an obvious answer, but you would be surprised at how many users take their security for granted.

Our team at Online.io is working on the most complete mobile app that will protect users from malware, sneaky adverts, and tracking software. In the meantime, you can experience our online protection on Chrome and Mozilla.

You may have avoided the Joker, but you never know which malware may appear next. So always double-check before you download an app and stay safe!
