A new type of malware targeting Android users has been discovered on 24 apps within the Google Play Store.
Security researchers at CSIS Security group uncovered the new strain of malware, which they aptly named the ‘Joker’ after the notorious Batman villain.
Once installed, the malware secretly gets to work signing the user up to different premium services. It silently clicks on advertisements within the app and uses SMS verification codes to verify subscription payments.
It’s also capable of stealing the victim’s text messages, contact lists and even the device’s serial and IMEI numbers.
Before Google removed the malicious apps, the Joker was installed by almost half a million users and it’s unclear how many people still remain at risk.
The infected apps include:
- Advocate Wallpaper
- Age Face
- Altar Message
- Antivirus Security – Security Scan
- Beach Camera
- Board picture editing
- Certain Wallpaper
- Climate SMS
- Collate Face Scanner
- Cute Camera
- Dazzle Wallpaper
- Declare Message
- Display Camera
- Great VPN
- Humour Camera
- Ignite Clean
- Leaf Face Scanner
- Mini Camera
- Print Plant scan
- Rapid Face Scanner
- Reward Clean
- Ruddy SMS
- Soby Camera
- Spark Wallpaper
According to security researcher Aleksejs Kuprins: “The Joker malware only attacks targeted countries. Most of the infected apps contain a list of Mobile Country Codes and the victim has to be using a SIM card from one of those countries in order to receive the second-stage payload. The majority of the discovered apps target the EU and Asian countries; however, some apps allow for any country to join.”
Over 37 countries have been targeted including the UK, Ireland, United States, Australia, Argentina, Brazil and large swathes of Europe and Asia.
Image: Countries affected by Joker Malware (Source: Medium.com)
To avoid installing a malware-infected app on your device, there are a number of guidelines you should follow:
1. Only buy apps from trusted sources
Buying apps from trustworthy sources reduces the chance of your device being hacked or infected with malware. To check the authenticity of a source, you can check the full name, list of published apps and contact details in the app description within the Google Play or Apple app store.
Permissions are used by apps to access specific functions and data within the device. If an app has a long list of permissions that are unnecessary to the functioning of an app, this should act as a red flag and raise suspicions about the intent of its use. The fewer permissions an app requests, the more likely it is to be safe.
3. Learn more about the developer
Take some time to research the developer of the app. Most app stores will include a link to the developer’s web page, and this will give you a good idea if they’re a reputable source.
4. Install anti-virus software and regularly update phone software
Anti-virus software will detect threats on your phone and block unauthorised users from gaining access. It’s also important to regularly update your phone’s software. Malicious apps will often take advantage of older versions of browsers so it’s vital you install the latest software updates.
If you are looking to start a phishing awareness campaign or would like more information on how to protect yourself online, contact us to find out how we can help.