Cybersecurity firm Quick Heal Technologies has detected a new batch of 8 Joker-infected apps that have a combined download count of 50,000 on Google Play Store.
The app names are Auxiliary Message, Super Message, Fast Magic SMS, Free CamScanner, Go Messages, Element Scanner, Travel Wallpapers, and Super SMS.
The Joker malware (sometimes known as Bread) was first identified back in 2017. It steals users’ data by mimicking the interaction with ads and then sneakily sign users up for subscription services, ones that they might be charged for over the course of several months before they even realize that they’re subscribed.
The cybersecurity firm has alerted Google, and to protect the safety of Android users, Google has removed the apps from its Play Store.
Joker is a new type of threat that steals user data without their knowledge. It can steal such user data, as SMS, contact list, device info, OTPs and more. Once its operators have all the details about the victim, they are automatically enrolled in the various paid premium services. It can render devices useless by constantly showing pop-up ads.
Once launched for the first time, the infected app asks for permission to access notifications and then works as a document scanner without displaying any visible malicious activity. However, in the background, two payloads are secretly downloaded to infect the device and steal sensitive information from the user.
It is important that users thoroughly read reviews before they install any app. Doing so can help prevent them from unknowingly downloading malicious software. They also need to carefully review the permissions that were requested for the app. When not sure about the permissions, they should deny them.