Joker is back! Capable of stealing bank details, this dangerous malware has infiltrated four highly downloaded Android applications. Check that they are not installed on your smartphone, otherwise you will receive hefty bills…
Beware of the applications you download on your Android smartphone or tablet! Researchers from the security specialist Pradeo discovered four new infected apps in the Google Play Store. The culprit: Joker, a malicious and sneaky piece of software that has nothing to envy to the villain of Batman. Indeed, it belongs to the category of fleeceware, these scam software used to empty the bank accounts of their victims. It’s not the first time that Joker has raged (see our article), but he has stolen highly downloaded applications…
Joker: malware that targets bank accounts
Via a rather innocuous application, Joker grants himself system permissions, and more particularly control over SMS. He then subscribes to paid services and makes online purchases, taking care to systematically intercept the validation message required by the double authentication (2FA). It even goes so far as to automatically make calls and SMS to premium rate numbers. These are often small sums – so as not to attract attention – but which, combined, end up making a nice jackpot. It also reads text messages and takes screenshots, allowing it to obtain valuable information, such as passwords and banking details. As if that weren’t enough, infected apps are also capable of installing other apps on the infected device, which can be even more dangerous.
The Joker malware is difficult to detect because it uses very little code, so its “digital fingerprint” is very discreet. Also, once installed, it hides its app icon, which makes it very difficult to uninstall manually. Over the past three years – the software first appeared in 2019 – it has claimed hundreds of thousands of victims. Already in December 2021, he had infiltrated the Color Message application, downloaded 500,000 times. Under its innocuous appearance – it offered many customization functions – the application retrieved the user’s contact list to send it to a server in Russia, while subscribing it without his knowledge to services paying. Today, these four applications, which together account for more than 100,000 downloads, have been affected:
- Smart SMS Messages (version 1.3.2)
- Blood Pressure Monitor (1.3.238)
- Voice Languages Translator (2.0)
- Quick Text SMS (2.0)
They have since been removed from the Play Store, but still pose a threat to people who have already downloaded them. In order not to be fooled, you have to pay attention to certain points when installing software. Typically, their developer’s accounts only feature one app, with very short privacy policies – these are often cut-and-pastes which, of course, never reveal the full extent of the app’s activities. perform. You should also be wary of software that is never linked to a company name or a website. So be careful.