American News Group

Avoid ‘Joker’ Android Apps That Sign You Up for Scam Subscriptions

Scammy Android apps? You don’t say. A relatively established bit of malware known as “Joker”—insert your favorite Heath Ledger meme here—has permeated yet another handful of Android apps. And the fun thing about this one is that this Joker likes to sign you up for subscriptions you don’t want.

As security firm Check Point describes:

“Joker, one of the most prominent types of malware for Android, keeps finding its way into Google’s official application market as a result of small changes to its code, which enables it to get past the Play store’s security and vetting barriers. This time, however, the malicious actor behind Joker adopted an old technique from the conventional PC threat landscape and used it in the mobile app world to avoid detection by Google.

To realize the ability of subscribing app users to premium services without their knowledge or consent, the Joker utilized two main components – the Notification Listener service that is part of the original application, and a dynamic dex file loaded from the C&C server to perform the registration of the user to the services.

In an attempt to minimize Joker’s fingerprint, the actor behind it hid the dynamically loaded dex file from sight while still ensuring it is able to load – a technique which is well-known to developers of malware for Windows PCs. This new variant now hides the malicious dex file inside the application as Base64 encoded strings, ready to be decoded and loaded.”

I think this is important to know about, as Google took time earlier this year to highlight its efforts at blocking apps that incorporate Joker—or Bread, as it’s also known—from appearing in the Google Play Store. As representatives noted:

Joker, like Vanilla Ice, is back with a brand new edition, and it’s definitely not what anyone needs to deal with right now. There’s no real way to prevent this malware from infecting your Android, save for the most important defense you have against apps like these: common sense. The kind of apps that try to sucker you into installing this crap on your smartphone generally look pretty crappy themselves:

In case it’s not obvious, using the screenshot above, let’s walk through some basic warning signs that can help you avoid a malware apps, based on how they appear in the app store:

Simple, right? Perhaps for you, but less tech-savvy individuals could easily get duped into installing apps like these. As Ars Technica notes, the 11 Joker-infected apps highlighted by Check Point were downloaded approximately 500,000 times in total. That’s not a huge amount compared to the millions of downloads that other malware-laden apps can receive, but it’s still not great.

Speaking of, if any of the apps on this list sound like something you currently have on your Android, you might want to uninstall them and check the payment methods you associate with your Android smartphone for any unexpected purchases:

Exit mobile version