Cyber security researchers found over 60 Joker malware variants on Google Play and third-party app stores. Once downloaded, these apps compromise the device. They can download more malware or spend your money.
Joker malware targets Android devices. It steals SMS text messages, contact lists, and device information. It can even register a user for paid services and subscriptions.
“…malicious applications can find their way to user’s devices through third party stores, sideloaded applications and malicious websites that trick users into downloading and installing apps,” says Zimperium.
Joker malware is not a single malicious program but a family of malware that attacks Android devices. Once downloaded to a device, the infected app downloads more malware to the phone.
Jokes Hide Amongst Other Apps
Joker malware often masquerades as games, wallpaper, or other seemingly harmless apps. In official app stores, weaponized apps sometimes impersonate legitimate apps to trick users into downloading them to their phones. Joker malware is a Trojan, meaning it lures the user into downloading it, but then quickly begins to download other malicious programs. The malware may use interstitial screens most phone users know – like a loading progress bar or spinner – to disguise the other file downloads.
17 Infected apps found on the Google Play store by Zscaler
- All Good PDF Scanner
- Mint Leaf Message-Your Private Message
- Unique Keyboard – Fancy Fonts & Free Emoticons
- Tangram App Lock
- Direct Messenger
- Private SMS
- One Sentence Translator – Multifunctional Translator
- Style Photo Collage
- Meticulous Scanner
- Desire Translate
- Talent Photo Editor – Blur focus
- Care Message
- Part Message
- Paper Doc Scanner
- Blue Scanner
- Hummingbird PDF Converter – Photo to PDF
- All Good PDF Scanner
How to Spot Suspicious Apps
Hackers often use games and other apps to lure unsuspecting mobile users into downloading their malware. Follow these safe practices to help keep potentially harmful apps off your phone or tablet.
- Be suspicious of apps that ask for unnecessary permissions. For example, an app may ask for permission to access your contact list or camera. Sometimes an app requests access to contacts so it can find other friends who play the same game. However, sometimes apps ask for all possible permissions, like access to contacts, file storage, cameras, calendars, phone calls, and SMS text messages. This is a sign that the app is either poorly written or potentially harmful.
- Be highly suspicious of any app that asks for access to your text messages, phone call logs, contact list, and location data. This makes sense for messaging apps but not for games or business tools like PDF scanners.
- Always read reviews about an app before downloading it. See how long the app has been available and what other users are saying about the app. Check out the developer.
- Never download an app outside of the Google Play store or the Apple store. Both app stores have safeguards in place to reduce the number of harmful apps. But the system is not foolproof. Apps downloaded from within games or from third-party sites are not necessarily protected or screened for malware or malicious computer code.
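The permission checks in the list above can be automated when reviewing an app before it is allowed on managed devices. This is an added example, not part of the original article; it assumes a decoded AndroidManifest.xml (the two samples are constructed), and the category-to-permission mapping in EXPECTED is a hypothetical policy.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Permission groups the article singles out: SMS, call logs, contacts, location.
SENSITIVE = {
    "sms": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "call_log": {"READ_CALL_LOG"},
    "contacts": {"READ_CONTACTS"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
}
# Assumption (hypothetical policy): groups each app category plausibly needs.
EXPECTED = {"messaging": {"sms", "contacts"}, "game": set(), "pdf_scanner": set()}
# Other access named in the article: camera, calendar, file storage, phone calls.
BROAD = {"CAMERA", "READ_CALENDAR", "READ_EXTERNAL_STORAGE", "CALL_PHONE"}

def requested_permissions(manifest_xml):
    """Return the short names of all <uses-permission> entries."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
            for el in root.iter("uses-permission")}

def audit(manifest_xml, category):
    """Flag sensitive groups the category does not justify, and 'ask for everything' apps."""
    perms = requested_permissions(manifest_xml)
    groups = {g for g, members in SENSITIVE.items() if perms & members}
    unexpected = sorted(groups - EXPECTED.get(category, set()))
    asks_everything = groups == set(SENSITIVE) and BROAD <= perms
    return {"unexpected": unexpected, "asks_everything": asks_everything}

def _manifest(package, perms):
    """Build a constructed manifest for the samples below."""
    lines = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{lines}</manifest>')

# Constructed samples: a "PDF scanner" that also wants SMS and contacts,
# and a messaging app whose requests match its purpose.
SCANNER = _manifest("com.example.scanner",
                    ["CAMERA", "READ_EXTERNAL_STORAGE", "READ_SMS",
                     "RECEIVE_SMS", "READ_CONTACTS"])
MESSENGER = _manifest("com.example.messenger", ["READ_SMS", "SEND_SMS", "READ_CONTACTS"])

if __name__ == "__main__":
    print("scanner:", audit(SCANNER, "pdf_scanner"))
    print("messenger:", audit(MESSENGER, "messaging"))
```

A non-empty "unexpected" list is a reason to look closer at the app, not proof that it is malicious.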