The spyware is back on the Android app store by adopting an old technique from the conventional PC threat landscape and used it in the mobile app world to avoid detection.
This dangerous spyware hides in seemingly legitimate Android apps,” we found that this updated version of Joker was able to download additional malware to the device, which subscribes the user to premium services without their knowledge or consent,” claims the report. Earlier too, Google had termed these malicious apps as large-scale billing fraud family.
It lists 11 “seemingly legitimate” applications that were infected with this malware but have now been removed.
Speaking about the new threat, Aviran Hazum, Manager of Mobile Research for Check Point said, “Joker adapted. We found it hiding in the “essential information” file every Android application is required to have.”
Commenting on how the efforts by the internet search giant were not enough, he says, “Our latest findings indicate that Google Play Store protections are not enough. We were able to detect numerous cases of Joker uploads on a weekly basis to Google Play, all of which were downloaded by unsuspecting users. The Joker malware is tricky to detect, despite Google’s investment in adding Play Store protections.”
The report by Check Point also revealed that the 11 infected apps have already been taken down from Play Store since April 30, however that doesn’t seem to be the end of it. “Although Google removed the malicious apps from the Play Store, we can fully expect Joker to adapt again. Everyone should take the time to understand what Joker is and how it hurts everyday people,” added Hazum.