As mobile devices have become common, hackers know exactly where to target their campaigns for maximum reach.
Malicious actors can do this by developing apps and infecting them with malware. These apps are then uploaded to and marketed on app stores for maximum exposure, in order to reach the largest number of potential victims.
Among the malware hackers can use is the notorious Joker.
The Joker, which began in 2019, has since been tweaked and developed to infect more apps, and also to infect apps on Huawei.
While Google has improved the Android ecosystem, the Google Play Store was still riddled with the Joker, as even more malware was found.
As if making another round, yet more apps with the Joker malware have been found.
Cybersecurity researchers at Zscaler have found a total of 11 apps infected with the Joker malware on the Play Store, which together have managed to earn 30,000 installs on the store.
According to Zscaler's blog post:
The apps included:
- Free Affluent Message.
- PDF Photo Scanner.
- delux Keyboard.
- Comply QR Scanner.
- PDF Converter Scanner.
- Font Style Keyboard.
- Translate Free.
- Saying Message.
- Private Message.
- Read Scanner.
- Print Scanner.
The researchers found that the apps offered features for productivity, communication and other utilities like keyboards.
What let the apps fly under Google's radar is the malware's ever-changing methods.
In other words, the malicious actors behind the malware have given the Joker some new tricks up its sleeve.
Things go beyond that, as the Joker malware payloads can also abuse the notification access functionality.
Once installed, the malware prompts for notification access. Giving it access will allow the malware to potentially read all notifications posted by the device and any other installed apps. Once these settings have been allowed by the user, the malware has the control it needs to carry out its malicious activities.
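For defenders, the notification-access grant described above can be audited from a workstation over adb. The script below is an added example, not code from Zscaler or the original article: it parses the output of `adb shell settings get secure enabled_notification_listeners` and `adb shell pm list packages -3` and lists user-installed apps that hold notification access but are not on an expected list. All package names and sample values are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Real input comes from a connected device:
#   adb shell settings get secure enabled_notification_listeners
#   adb shell pm list packages -3
# The values below are constructed samples so the script runs offline.
SAMPLE_LISTENERS='com.example.vendor.dialer/.CallNotifications:com.example.fontkeyboard/com.example.fontkeyboard.NotifyService:com.example.wearsync/.SyncListener'
SAMPLE_THIRD_PARTY='package:com.example.fontkeyboard
package:com.example.wearsync
package:com.example.notes'

# The setting is a colon-separated list of "package/service" components,
# or the literal string "null" when no app has been granted access.
listener_packages() {
    printf '%s\n' "$1" | tr -d '\r' | tr ':' '\n' |
        sed -e '/^$/d' -e '/^null$/d' -e 's|/.*$||' | LC_ALL=C sort -u
}

# Keep only listeners that are user-installed (third-party) packages.
third_party_listeners() {
    third_party=$(printf '%s\n' "$2" | tr -d '\r' | sed -n 's/^package://p')
    for pkg in $(listener_packages "$1"); do
        if printf '%s\n' "$third_party" | grep -qxF -- "$pkg"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# Drop packages the owner expects to read notifications ($3, space-separated).
unexpected_listeners() {
    for pkg in $(third_party_listeners "$1" "$2"); do
        case " $3 " in
            *" $pkg "*) ;;
            *) printf '%s\n' "$pkg" ;;
        esac
    done
}

echo "Third-party apps with unexpected notification access:"
unexpected_listeners "$SAMPLE_LISTENERS" "$SAMPLE_THIRD_PARTY" "com.example.wearsync"
```

On the constructed sample, the preinstalled dialer and the allowlisted wearable companion are skipped, leaving only the keyboard app for review.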
Among the 11 apps, the app Font Style Keyboard was found to incorporate new changes from the older payloads.
And unlike previous Joker campaigns, the app has a stage payload that also performs command-and-control communication.
Android malware is becoming increasingly prevalent as more and more users come online.
With malware like the Joker, people's sensitive data can be stolen, and victims can have their privacy compromised and be signed up for premium services without their consent or knowledge.
Making things worse, the Joker malware is an infamous example of Android malware that can spread undetected via the Google Play Store.
Malware is the best and easiest way for malicious actors to get a foothold inside their victims' devices.
By creating backdoors, or making compromised devices do what they wish, hackers can see or access almost everything their victims have and store on their devices.
The Google Play Store is not the only place where Joker malware can be found, as the same apps are also uploaded to other third-party app stores, due to those stores' regular crawling activities on the Google Play Store.
Fortunately, Google has been quick, removing the apps as soon as the researchers notified it.
Unfortunately, the said apps can live longer on third-party app stores that do not perform these same actions. What's more, knowing that the people behind the Joker are continuously developing the malware, there is no telling when the infection will end.