Joker malware is an Android virus that was detected in 24 Google Play apps in September 2019. The malicious program is capable of signing the victim up for paid service subscriptions, stealing SMS messages, contact lists, and device info, and simulating interaction with advertisements.
The malware was first discovered and described by CSIS security researcher Aleksejs Kuprins. According to the security specialist, the malware has been installed onto various devices over 472,000 times with the help of 24 infected Android apps, all containing Joker malware.
Since the discovery of the malicious software, Google has removed these 24 apps from the Play store. However, users who installed the compromised apps MUST remove them from their devices manually to secure their privacy and bank accounts.
Android users who have one of the following apps on their devices must uninstall them IMMEDIATELY to remove Joker malware completely:
If you have been using one or several of these apps, make sure you remove the Joker virus from your Android device completely. Please use the free instructions at the end of this article.
The Joker Android virus lurks in advertisement frameworks used by the above-mentioned applications, delivering an initialization component (Loader) to the victim’s device. The loader is set to carry out the following tasks:
Before attacking the Android device, the Joker virus checks whether the victim's SIM card belongs to one of the targeted countries, identified by its Mobile Country Code (MCC). Most of the infected apps targeted Asian and European Union countries, although some of them were set to target victims worldwide.
Interestingly, the vast majority of the 24 apps have been configured to check whether the victim is from the US or Canada and, if so, to terminate the malware.
The Android virus targets a total of 37 countries:
Australia, Austria, Belgium, Brazil, China, Cyprus, Egypt, France, Germany, Ghana, Greece, Honduras, India, Indonesia, Ireland, Italy, Kuwait, Malaysia, Myanmar, Norway, Netherlands, Poland, Portugal, Qatar, Republic of Argentina, Singapore, Serbia, Slovenia, Spain, Sweden, Switzerland, Thailand, Turkey, Ukraine, United Arab Emirates, United States and United Kingdom.
The Loader is set to download a DEX file and deobfuscate it for further use, then proceed to the core malware functionality.
The main part of the Joker Android virus is coded to be as small, as functional, and as silent on the compromised device as possible. It is clear that the malware was created by professionals who want to operate silently and know how to go unnoticed (at least until the victim spots the payments on the bank account).
The malware continuously communicates with the C&C server to receive new tasks and report results.
The main task of Joker is to simulate the victim's clicks on advertisements. To do so, it opens premium offer URLs and injects JavaScript commands, then waits for the authorization SMS to arrive. Since the Android virus contains a phone notification checker, it quickly observes the incoming SMS and extracts the confirmation code required to purchase premium services on behalf of the victim.
The malware also steals all text messages from the victim’s phone as well as the whole address book and sends them to the C&C server.
We want to stress that you must not only remove the Joker virus by uninstalling the previously mentioned apps from your phone, but also check which premium subscriptions are currently active on your account.
First of all, you need to check whether you have any of the listed apps on your phone or tablet and remove them in a few simple steps:
Uninstalling the malicious app won’t cancel premium subscriptions.
Once you complete these steps, Joker virus removal will be complete. Make sure you always check app permissions and download only trustworthy components to your Android device to avoid Android virus infection.
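An added example (not from the original article or from the CSIS analysis): a small permission audit that flags apps combining notification access with SMS or contacts permissions, the pairing of capabilities the article attributes to Joker. The package names and the simplified permission listing are constructed; the listener string follows the format of Android's `enabled_notification_listeners` secure setting.

```python
import re

# Permissions matching the SMS and contact theft the article describes.
SENSITIVE = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.READ_CONTACTS"}

# Constructed sample of the `enabled_notification_listeners` secure setting:
# colon-separated package/service components. Package names are made up.
SAMPLE_LISTENERS = "com.example.wallpaper/.Notif:com.example.watch/.Sync"
# Constructed, simplified listing: a "package:" header, then its permissions.
SAMPLE_PERMISSIONS = """\
package: com.example.wallpaper
  android.permission.INTERNET: granted=true
  android.permission.READ_SMS: granted=true
  android.permission.READ_CONTACTS: granted=true
package: com.example.watch
  android.permission.READ_CONTACTS: granted=false
package: com.example.sms
  android.permission.READ_SMS: granted=true
"""

def listener_packages(setting_value):
    """Packages that currently hold notification access."""
    value = (setting_value or "").strip()
    if value in ("", "null"):  # unset setting
        return set()
    return {c.split("/", 1)[0] for c in value.split(":") if c}

def granted_permissions(listing):
    """Map package name -> set of permissions marked granted=true."""
    perms, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"package:\s*(\S+)", line)
        if header:
            current = header.group(1)
            perms[current] = set()
            continue
        m = re.match(r"\s+(\S+): granted=true", line)
        if m and current:
            perms[current].add(m.group(1))
    return perms

def flag_apps(setting_value, listing):
    """Apps with notification access AND an SMS or contacts permission."""
    listeners = listener_packages(setting_value)
    return {pkg: sorted(p & SENSITIVE)
            for pkg, p in granted_permissions(listing).items()
            if pkg in listeners and p & SENSITIVE}

print(flag_apps(SAMPLE_LISTENERS, SAMPLE_PERMISSIONS))
```

An app that appears in the result is not necessarily malicious, but a wallpaper or utility app holding both capabilities deserves a closer look before you keep it installed.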
Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.
Thank you for describing how to cancel paid subscriptions caused by Joker malware - I couldn't understand how to do it. Very useful guide!