New variant of the Joker spyware hits Google Play with an old trick



Check Point’s researchers have recently discovered a new variant of the Joker Dropper and Premium Dialer spyware in Google Play. Hiding in seemingly legitimate applications, this updated version of Joker was found to download additional malware to the device, which subscribes the user to premium services without their knowledge or consent.

The actors behind Joker, a dropper and premium dialer spyware, had once again modified their creation’s code so that the malware would bypass the Play Store’s security mechanisms and conceal itself within seemingly legitimate apps. Upon successful installation, Joker pulled down additional malware onto the victim’s infected Android device. Those threats then furtively subscribed the user to premium services.

This variant of the spyware family deployed an old trick that it had adopted from the PC threat landscape. Check Point Research revealed that this trick involved the retrieval of a dynamic dex file from Joker’s command-and-control (C&C) server for the purpose of subscribing victims to the premium services.

During our research, we have also detected an “in-between” variant that utilized the technique of hiding the .dex file as Base64 strings – but instead of adding the strings to the Manifest file, the strings were located inside an internal class of the main application. In this case, all that was needed for the malicious code to run was to read the strings, decode them from Base64, and load them with reflection.

Check Point researchers
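For analysts triaging a suspicious APK, the hiding technique described above (a .dex file stored as Base64 strings in the Manifest or in a class) can be checked for directly. The following is an added example, not Check Point's code: it assumes the strings have already been extracted from the decoded APK into (location, value) pairs, and the sample locations and the header built by `sample_dex` are constructed for illustration.

```python
import base64
import re
import struct

DEX_MAGIC = re.compile(rb"dex\n\d{3}\x00")       # e.g. b"dex\n035\x00"
B64_RUN = re.compile(r"[A-Za-z0-9+/=_-]{24,}")   # standard and URL-safe alphabets

def decode_b64(text):
    """Decode a Base64 run, tolerating URL-safe characters and missing padding."""
    text = text.rstrip("=").replace("-", "+").replace("_", "/")
    text += "=" * (-len(text) % 4)
    try:
        return base64.b64decode(text, validate=True)
    except ValueError:                            # binascii.Error is a ValueError
        return b""

def inspect_dex(blob):
    """Return header facts if blob starts with a plausible DEX header, else None."""
    if len(blob) < 44 or not DEX_MAGIC.match(blob):
        return None
    # file_size, header_size and endian_tag sit at offsets 32, 36 and 40.
    file_size, header_size, endian = struct.unpack_from("<III", blob, 32)
    if header_size != 0x70 or endian != 0x12345678:
        return None
    return {"version": blob[4:7].decode(), "declared_size": file_size,
            "decoded_size": len(blob), "complete": len(blob) >= file_size}

def find_embedded_dex(strings):
    """strings: iterable of (location, value). Yields (location, header facts)."""
    for location, value in strings:
        compact = "".join(value.split())          # drop line breaks inside the value
        for run in B64_RUN.findall(compact):
            facts = inspect_dex(decode_b64(run))
            if facts:
                yield location, facts

def sample_dex(declared_size=0x70):
    # Constructed 0x70-byte header with zeroed checksum and signature; not a real payload.
    head = b"dex\n035\x00" + bytes(24) + struct.pack("<III", declared_size, 0x70, 0x12345678)
    return head + bytes(0x70 - len(head))

def sample_strings():
    # Constructed inputs: a whole blob, a blob that is only the first chunk, a benign token.
    full = base64.b64encode(sample_dex()).decode()
    return [("AndroidManifest.xml meta-data", full[:64] + "\n" + full[64:]),
            ("com.example.app.a string constant", base64.b64encode(sample_dex(4096)).decode()),
            ("res/values/strings.xml token", base64.b64encode(b"ordinary configuration token value").decode())]

if __name__ == "__main__":
    for location, facts in find_embedded_dex(sample_strings()):
        print(location, facts)
```

A hit with `complete` set to False means the decoded data is shorter than the size the header declares, which is what a payload split across several strings looks like; the remaining strings at that location are worth decoding together.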

If you suspect you may have one of these infected apps on your device, here’s what you should do:

  • Uninstall the infected application from the device
  • Check your mobile and credit-card bills to see if you have been signed up for any subscriptions and unsubscribe if possible
  • Install a security solution to prevent future infections

Previously, we also reported that tech giant Google removed 25 malicious apps from its Play Store that were caught stealing Facebook user data. To avoid such data theft, you should install a trustworthy antivirus or other malware protection to detect and uninstall these malicious apps.
