Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Joker Android Malware Dupes Its Way Back Onto Google Play
#1
Information 
Quote:A new variant of the infamous Joker malware has once again made it onto Google Play, with Google removing 11 malicious Android applications from its official app marketplace, researchers disclosed Thursday.
 
Malicious apps spreading the Joker have continued to skirt Google Play’s protections since 2019, because the malware’s author kept making small changes to its code. However, researchers say that Joker is now raising the bar, using a tactic – one that’s well known but not yet been used by Joker before now – to hide malicious code inside legitimate applications, allowing it to get through Google Play’s app vetting process.
 
“Joker adapted,” said Aviran Hazum, manager of Mobile Research with Check Point Research, in a Thursday analysis. “The Joker malware is tricky to detect, despite Google’s investment in adding Play Store protections. Although Google removed the malicious apps from the Play Store, we can fully expect Joker to adapt again. Everyone should take the time to understand what Joker is and how it hurts everyday people.”

Joker is a billing fraud family of malware that first emerged in 2017, but started appearing in earnest in 2019. It advertises itself as a legitimate app, but once installed, it infects victims post-download to steal their SMS messages, contact lists and device information; as well as also stealthily signing them up for premium service subscriptions that could quietly drain their wallets.

The most recent variant of the malware uses a tactic where it hides malicious code inside what’s called the “Android Manifest” file of a legitimate application.  Every application has an Android Manifest file in its root directory, which provides essential information about an app, such as its name, icon and permissions, to the Android system.

Joker has been building its payload before inserting it into the “Android Manifest” file via a dex file, hidden in the form of Base64 encoded strings. This payload is hidden during Google Play’s evaluation of the app, making it easier to skirt by the app vetting process. It’s not until after the app has been approved in the evaluation process that the campaign starts to operate, with the malicious payload decoded and loaded onto the compromised device. It’s important to note that this trick is well-known to developers of malware for Windows PCs, said researchers.

Read more: https://threatpost.com/joker-android-mal...ay/157307/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
The slowest Meteor Lake spotted: Intel C...
Intel Core Ultra 5...harlan4096 — 12:47
Microsoft Edge fixes 0-day vulnerability...
Microsoft released...harlan4096 — 10:12
AnyDesk 8.0.9
AnyDesk 8.0.9:   ...harlan4096 — 10:10
AMD Confirms RDNA 3+ GPU Architecture F...
AMD Zen5-based Strix...harlan4096 — 10:08
Adobe Acrobat Reader DC 24.001.20629 (Op...
Adobe Acrobat Read...harlan4096 — 10:06

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>