Last updated on
June 22, 2021, 11:45 p.m.
The infamous Joker Trojan horse is back to haunt Android devices. Eight apps known to spread malware have since been removed from the Google Play Store. However, this just prevents new downloads.
If any of these apps are installed, here’s a closer look at how Joker malware works and how you can avoid it.
What are these applications?
A recent report from Quick Heal Security Labs identified eight applications that spread Joker malware. These are Auxiliary Message, Magic Quick SMS, Free Cam Scanner, Super Message, Item Scanner, Go Messages, Travel Wallpapers and Super SMS.
If you have installed any of these apps, we recommend that you uninstall them immediately.
Most malicious applications are primarily intended for messaging.
Malware subscribes to premium services, charges victim’s accounts
For the uninitiated, the Joker malware that has been around for about three years steals information about the owner of an Android device through SMS messages, stored contacts, and the device information page in settings.
It uses this information to subscribe to premium services which drain the victim’s bank account.
When a victim installs an infected application, the malware is downloaded silently to their device.
Malware exploits permissions of infected app, reads all SMS messages
Once installed, the infected application would require access to notifications in order to function. This permission is misused by malware to read the content of incoming text messages using the At the reception order.
Then it abuses the infected app’s access to contacts and the permission to make and handle phone calls. Using this, it determines the country code of the victim’s SIM card.
Victim accounts used to pay for pre-programmed premium services
Based on the country code of the victim’s SIM card, the Joker malware automatically initiates pre-programmed service subscriptions in the region, all of which are paid for by the victim.
Worryingly, these malicious activities are happening in the background.
One of the easiest ways to spot malware in action is to watch out for unknown transactions that you haven’t initiated.
Immediately contact the bank, the cybercrime hotline for assistance with unauthorized transactions
If you notice any suspicious transactions, immediately contact your bank or the recently launched Cyber ââFraud Helpline number launched by the central government (in India) to stop the transaction.
In order to avoid getting stolen by malware like this, we suggest you install apps only from trusted sources like Google Play Store. Also avoid random links received via SMS.
Check the legitimacy of the apps you download, beware of clones
Above all, always grant an app only the permissions it needs to function properly. A flashlight app seeking to access your contacts is a red flag.
Sometimes reputable app clones are also available. Make sure to verify the name of the app and the developer before downloading. A similar malware attack this year targeted Facebook Messenger users. The names of the malicious applications were simply misspelled.
Make sure you don’t install apps from unknown sources
To further protect you, Android has a built-in setting that prevents the installation of apps from unknown sources. Although this setting is enabled by default, check again.
Finally, avoid downloading apps from advertisements, WhatsApp messages, SMS messages, emails, and potentially suspicious sources.
When using apps with unreasonable permissions, keep an eye out for unauthorized transactions and uninstall apps targeting your finances.