October 2021 E-Newsletter

CYBERSECURITY AWARENESS TIPS
Joker Alert
WRITTEN BY MEEKNESS BOLARINWA CISM, CEH
OCTOBER 2021

Joker Malware Floods Android Apps

The Joker Trojan has found its way back on the Google Play store, in the form of malicious Android applications with the ability of hiding the billing-fraud malware, and from research findings is also using some new approaches to evade the Google’s app vetting process (Goodin, 2020).

How the Joker Trojan operates

The Trojan steals victim’s information from their devices via Short Message Services (SMS messages), contact list, and through device information. This malware usually disguises itself within common, legitimate apps like camera apps, games, messengers, photo editors, translators, and wallpapers. After the Trojan has

sneaked into the victim’s device, it silently interacts

with advertisement websites and subscribes the victim unknowingly to premium payment services controlled

by hackers. This type of billing fraud is categorized by researchers as “fleeceware.”

It is a known fact that this type of malicious Joker applications are usually found on the unsanctioned third-party stores, not on the official Google Play store, but hackers have been trying to evade Google Play’s protections since 2019. This was made possible because the malware’s creators have kept making small changes to their attack methodology. As a result, it has given rise to periodic waves of Joker infestations on the official Google Play Store including two massive onslaughts in 2020. Over 1,800 Android applications were infected on Google Play Store in the last four years but were removed from the store according to researchers at Zimperium.

Researchers at Zimperium also said that at least 1,000 new samples have been detected in the latest wave since September 2020. Many of these applications have unfortunately found their way into the official marketplace

No Joke: consumers and enterprises alike are at risk

These applications are showing up for the first time in other market outlets which is a major source of concern not only to the users but enterprises alike. For instance, Huawei Android official App Store (AppGallery) recently found some instances of Joker Trojan infested apps. In April last year, Doctor Web stated that the apps were downloaded by users unknowingly to more than 538,000 devices (Doctor Web, 2021).

What to do?

1. Don’t download any app from an unofficial store and ensure not to download any app that you don’t need even from an official store.

2. Don’t give too much permission to any app on your mobile device.

3. A periodic scan of your mobile device can also help to detect any malware on your mobile device.

4. If you have your bank app on your device, check your statement regularly to detect any form of discrepancies.

"This malware usually disguises itself within common, legitimate apps like camera apps, games, messengers, photo editors, translators, and wallpapers. After the Trojan has sneaked into the victim’s device, it silently interacts with advertisement websites and subscribes the victim unknowingly to premium payment services controlled by hackers. This type of billing fraud is categorized by researchers as “fleeceware.”"

Quick IT Security Awareness Tips on Devices

Tip 1: Avoid download of free software

Tip 2: Enable multi- factor authentication on your major financial and social media apps,

Tip 3: Use licensed end point protection software on all devices.

References

Doctor Web. (2021, April 07). Malware found on the AppGallery app store for the first time. Retrieved from Dr. Web: https://news.drweb.com/show/?i=14182&lng=en

Goodin, D. (2020, September 28). “Joker”—the malware that signs you up for pricey services—floods Android markets. Ars Technica. . Retrieved from Ars Technica: https://arstechnica.com/information-technology/2020/09/joker-the-malware-that-signs-you-up-for-pricey-services-floods-android-markets/