Joker Trojan steals money from a user’s account by signing them up for premium subscriptions.Joker malware found in 24 apps on the Google Play Store has been found to extract money from users by subscribing them to paid subscriptions without their knowledge. Researcher Aleksejs Kuprins pointed out in a CSIS Security Group blog post that the Joker malware family has begun its recent campaigns in early June 2019 and India is among the infected countries.
Though the apps have been removed from the Play Store, those who still have these on their devices are recommended to delete as soon as possible. But what is Joker malware, how many apps has it affected and in which countries? We take a look at everything to know about Joker malware:
What is Joker malware and what does it do?
Joker Trojan steals money from a user’s account by signing them up for premium subscriptions. It starts by silently simulating interaction with an advertisement without the user knowing and then even steals the victim’s SMS messages, which might contain OTP to authenticate payments.
So essentially, a user might not even know that they have been signed up for a subscription service and the money is being deducted from their account unless maybe they check their credit card statements, etc regularly.
“This strategy works by automating the necessary interaction with the premium offer’s webpage, entering the operator’s offer code, then waiting for a SMS message with a confirmation code and extracting it using regular expressions. Finally, the Joker submits the extracted code to the offer’s webpage, in order to authorize the premium subscription,” the post read.
Joker malware: Which apps are affected and in which countries?
Joker malware has infected a total of 24 apps with over 4,72,000 installs, which Google has reportedly removed from the Play Store. The list includes:
• Advocate Wallpaper
• Age Face
• Altar Message
• Antivirus Security- Security Scan
• Beach Camera
• Board Picture Editing
• Certain Wallpaper
• Climate SMS
• Collate Face Scanner
• Cute Camera
• Dazzle Wallpaper
• Declare Wallpaper
• Display Camera
• Great VPN
• Humour Camera
• Ignite Clean
• Leaf Face Scanner
• Mini Camera
• Print Plant Scan
• Rapid Face Scanner
• Reward Clean
• Ruddy SMS
• Soby Camera
• Spark Wallpaper
The Joker malware has targeted a total of 37 countries with a majority in Asia and the EU. In addition to India, the list includes Australia, Austria, Belgium, Brazil, China, Cyprus, Egypt, France, Germany, Ghana, Greece, Honduras, Indonesia, Ireland, Italy, Kuwait, Malaysia, Myanmar, Netherlands, Norway, Poland, Portugal, Qatar, Republic of Argentina, Serbia, Singapore, Slovenia, Spain, Sweden, Switzerland, Thailand, Turkey, Ukraine, United Arab Emirates, United Kingdom and United States.
Joker malware: How to fix it?
Those who have downloaded any of the apps infected with the Joker malware listed above are recommended to delete them immediately. There is a good chance that the services the malware has signed up a user for will not appear in their Play Store subscriptions. So, to find that out, one will need to carefully sift through their bank account, credit card statement for at least till the month of June to check whether there have been any unwanted transactions without their consent.
Joker malware steals contact list so inform friends, maybe?
The CSIS Security Group blog post has revealed that Joker malware can also potentially steal a user’s device information as well as contact list so it is recommended that those infected call their friends to let them know about the Trojan.
“The final important thing worth mentioning about the Joker is the phone book contact list theft. The core component collects all numbers in the contact list and sends them over to the C&C in an encrypted form,” the post added.
