When you install an app infected with Joker malware, it signs you up for a paid subscription without your permission
Joker malware can also get hold of your contacts, SMS messages, and your device information. It’s difficult to get your money back after falling victim to this scam, so it’s important to prevent infection before it even happens.
How Does Joker Malware Work?
Apps infected with Joker malware don’t blatantly ask for your private information. The malware is much sneakier than that, making it even harder to realise when you’ve become a victim.In early 2019, Google tightened restrictions on apps that asked to access your Call Log or SMS.
Thanks to this policy change, many Joker-infected apps were caught, and later removed from the Play Store. The implementation of Google Play Protect has also helped keep Android devices safe.
Despite Google’s efforts, Joker malware persists. Research by Check Point has found a new kind of Joker malware that’s just as deceitful as the last. Instead of engaging in SMS fraud, it now uses an old trick that’s typically found in Windows malware.
After landing on your device, Joker malware downloads a an executable DEX file from a command-and-control server. This code is used to secretly sign you up to premium subscriptions. It then proceeds to prevent subscription confirmation notifications from popping up on your phone.
To do this, Joker malware takes advantage of Notification Listener, an Android feature that gives apps access to your device’s notifications. The malware hijacks the Notification Listener, allowing it to interfere with your push notifications.
How to Protect Yourself From Joker Malware
These are the 10 apps google recently removed from the play store that contains Joker malware. If you have any of the following apps, uninstall them immediately:
- Compress Image (com.imagecompress.android)
- Contact Message (com.contact.withme.texts)
- Friend SMS (com.hmvoice.friendsms)
- Relaxation Message (com.relax.relaxation.androidsms)
- Cheery Message – listed two times (com.cheery.message.sendsms)
- Loving Message (com.peason.lovinglovemessage)
- File Recovery (com.file.recovefiles)
- App Locker (com.LPlocker.lockapps)
- Remind Alarm (com.remindme.alram)
- Memory Game (com.training.memorygame)
|Image credit :check point
Since Joker-infected apps look legitimate from the outside, you’ll need to take some extra precautions when downloading apps. The above photo is an example of an app infected by Joker malware—looks pretty legit, right? That’s just how much these infected apps can blend in with all the rest.
You should also keep in mind that many Joker-infected apps have fake user reviews on the Play Store. These positive reviews build trust, and also entice you to download the app.
Fortunately, it’s fairly easy to spot fake reviews once you know what to look for. If you see any duplicate reviews under an app, the reviews are likely fake.
Although Google managed to take down over 1,700 Joker-infected apps in January 2020, and later removed the 11 apps listed above, that doesn’t mean we’re completely safe. Joker malware is still out there, and will likely stay there for a while.
Lastly, you should only install apps that you really trust. Do some extra research on any apps that you want to download. If you see any sign of a scam, avoid it at all costs.