Ticker

6/recent/ticker-posts

Google removes 11 apps from Play store infected with Joker malware; uninstall them nowGoogle removes 11 apps from Play store infected with Joker malware; uninstall them now

Researchers have said that with small changes to its code the Joker malware to get past the Play store’s security and vetting barriers.

Researchers have said that with small changes to its code the Joker malware to get past the Play store’s security and vetting barriers.
Google removes 11 apps from Play store infected with Joker malware; uninstall them now

Late last year we saw the Joker malware surface and spread like wildfire. The latest report from Check Point’s researchers has discovered a new variant of the Joker Dropper and Premium Dialer spyware in the Google Play Store. These were found hiding inside of seemingly legitimate applications. This new updated Joker malware can download additional malware to the device, which in turn subscribes the victim to a number of premium services without their consent.
Meantime, Google has removed 11 apps from the Play Store infected with the notorious Joker malware. The applications include include com.imagecompress.android, com.relax.relaxation.androidsms, com.cheery.message.sendsms (two different instances), com.peason.lovinglovemessage, com.contact.withme.texts, com.hmvoice.friendsms, com.file.recovefiles, com.LPlocker.lockapps, com.remindme.alram and com.training.memorygame.

Joker malware: Everything you need to know

The researchers have said that with small changes to its code the Joker malware to get past the Play store’s security and vetting barriers. This time along the Joker malware has adopted an old technique from the conventional PC threat landscape to avoid detection by Google. The newly modified Joker virus uses two main components to subscribe, app users to premium services. These components are: Notification Listener service and dynamic dex file loaded from the C&C server.
To minimize the Joker’s code, the developer hid the code by dynamically loading it onto a dex file, while at the same time, ensuring that it is able to completely load when triggered. The code inside of the dex file is encoded as Base64 encoded strings, that start decoding and loading as soon as the victim opens the affected apps.
The original Joker malware communicated with the C&C, and then downloaded the dynamic dex file, which was loaded as casses.dex. However, the new modified version of the code is embedded in a different zone, with the classes.dex file loading a new payload. The malware is triggered by creating a new object that communicates with the C&C.
Due to the payload being hidden in Base 64 strings, the only thing that the actor needed to do to hide the file was to set the C&C server to return “false” on the status code, if tests were being run.
Check Point recommends you to check all your apps thoroughly and see if they are from a non-trusted developer. If you feel that you have downloaded an infected file, you should immediately uninstall it. Then you should check your mobile and credit card bills for any irregularities. If there are any talk to the bank and unsubscribe to those charges. Lastly, it is recommended that users should install an anti-virus program on their smartphones to prevent infections. 

Post a Comment

2 Comments

  1. It's very useful blog post with informative and insightful content and i had good experience with this information.I have gone through CRS Info Solutions Home which really nice. Learn more details About Us of CRS info solutions. Here you can see the Courses CRS Info Solutions full list.Find the best Hadoop Training with great faculty. Go to know about crs info solutions Workday Training program.

    ReplyDelete
  2. Thanks for Sharing This Article.It is very so much valuable content. I hope these Commenting lists will help to my website
    workday studio online training
    best workday studio online training
    top workday studio online training

    ReplyDelete