This ‘Joker’ Android malware sounds like something a vicious villain would design – BGR


  • Google has removed another batch of Android apps from the Google Play Store after Check Point Research analysts discovered these apps connected to the Joker malware that previously haunted the Google app market.
  • In the past, the Joker malware was responsible for everything from stealing SMS messages to spyware.
  • This comes as other worrying security-related issues involving Android apps and devices have recently been found.

Lately, it seems like we barely finish writing about a recently discovered security vulnerability involving incomplete Android apps, or instances like some Android phones that apparently hide malicious and unrecoverable files and apps on users’ devices, before another similar issue arises anew, whack-a-mole style.

This time, it’s a familiar type of Android malware that keeps bouncing back, called “Joker,” which was first identified about three years ago and has been responsible for everything from stealing SMS messages to billing fraud and spyware. Analysts at Check Point Research found a number of apps that use what the researchers described as a variant of the Joker malware and that were hiding in the Google Play Store in “apparently legitimate apps.”

“We found that this updated version of Joker could download additional malware to the device, which subscribes the user to premium services without their knowledge or consent,” the Check Point team wrote in a summary of their findings, available here. That report provides the package names for 11 of the offending apps (one of which is listed twice), so you can use them to see if any of them may have been on your phone but with a different identity:

  • com.imagecompress.android
  • com.contact.withme.texts
  • com.hmvoice.friendsms
  • com.relax.relaxation.androidsms
  • com.cheery.message.sendsms
  • com.cheery.message.sendsms
  • com.peason.lovinglovemessage
  • com.file.recovefiles
  • com.LPlocker.lockapps
  • com.remindme.alram
  • com.training.memorygame

Those apps include a file recovery service, an image compressor, and a flower-focused wallpaper collection app.
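To check a device against the package names above, the following added example (not part of the original article or of Check Point's report) parses the output of `adb shell pm list packages`, in both its plain and `-f` forms, and reports exact matches. The sample output and function names are constructed for illustration.

```python
import sys

# Package names as listed in this article (its duplicated entry collapses in the set).
JOKER_PACKAGES = frozenset({
    "com.imagecompress.android",
    "com.contact.withme.texts",
    "com.hmvoice.friendsms",
    "com.relax.relaxation.androidsms",
    "com.cheery.message.sendsms",
    "com.peason.lovinglovemessage",
    "com.file.recovefiles",
    "com.LPlocker.lockapps",
    "com.remindme.alram",
    "com.training.memorygame",
})

# Constructed sample of `pm list packages` output (plain and -f forms, one CRLF line).
SAMPLE_OUTPUT = (
    "package:com.android.settings\n"
    "package:/data/app/~~Qx1==/com.file.recovefiles-9a==/base.apk=com.file.recovefiles\n"
    "package:com.LPlocker.lockapps\r\n"
    "package:com.imagecompress.android.pro\n"
    "WARNING: linker: unrelated noise\n"
)

def parse_pm_line(line):
    """Return the package name from one `pm list packages` line, or None."""
    line = line.strip()  # also drops the \r some adb versions emit
    if not line.startswith("package:"):
        return None
    body = line[len("package:"):]
    # With -f the line is <apk path>=<name>; the path may itself contain '='.
    return body.rsplit("=", 1)[-1] or None

def find_listed_packages(pm_output):
    """Exact, case-sensitive match of installed packages against the list."""
    installed = {parse_pm_line(l) for l in pm_output.splitlines()}
    return sorted(installed & JOKER_PACKAGES)

if __name__ == "__main__":
    # Pipe real output in, or run with no input to see the constructed sample.
    text = SAMPLE_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    hits = find_listed_packages(text)
    for name in hits:
        print("listed package installed:", name)
    sys.exit(1 if hits else 0)
```

Saved under a name of your choosing (here, hypothetically, `check_joker.py`), it can be fed a device's list with `adb shell pm list packages | python3 check_joker.py`; the exit status is 1 when any listed package is present.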

“Joker, one of the most important types of malware for Android, continues to find its way into the official Google app market as a result of minor changes to its code, allowing it to overcome Play Store security and verification barriers,” the Check Point team continued in their report. “This time, however, the malicious actor behind Joker adopted an ancient technique from the conventional PC threat landscape and used it in the world of mobile applications to avoid detection by Google.”

To subscribe people to premium services without them knowing, the Joker malware apparently used the notification listener service of the original applications, as well as a dynamic dex file loaded from the command and control server to perform the user registrations.

Check Point says that hiding the dex file while making sure it can still be loaded, in order to obscure the “fingerprint” of the code, is a technique common among Windows PC malware developers.

Google has removed these apps from the Play Store, but Check Point’s Aviran Hazum told a news outlet that the Joker malware will nevertheless probably come back again somehow. “Joker malware is difficult to detect, despite Google’s investment in adding protections from the Play Store. Although Google removed malicious apps from the Play Store, we can expect Joker to adapt again.”

That said, this is probably the best time to remember best practices when it comes to using your device; for example, only download apps from trusted names. And if you want to be more confident, stay away from developers that no one has heard of before, as well as from apps that have a lot of negative reviews.

Andy is a reporter in Memphis and also contributes to media like Fast Company and The Guardian. When he’s not writing about technology, he can be found protectively hunched over his burgeoning vinyl collection, as well as guarding his whovianism and binging on a variety of television shows he probably won’t like.
