Another Set of Trojan-Infected Joker Android Apps Reappear on Google Play

Another Set of Trojan-Infected Joker Android Apps Reappear on Google Play ,On infected Android smartphones, a new group of trojanized apps distributed via the Google Play Store has been discovered.

Joker, a serial offender, refers to a group of malicious apps that are used for billing and SMS fraud, as well as a variety of other malicious hacking activities, such as collecting text messages, contact lists, and device information.

Despite Google’s best efforts to beef up its security, the programs have evolved to look for loopholes and sneak into the app store undetected.

“They’re mainly propagated via Google Play,” according to Kaspersky researcher Igor Golovin, who stated in a paper published last week that thieves steal genuine apps from the market, add harmful code to them, then re-upload them to the store under a different name.

The trojanized apps, which take the place of their removed counterparts, commonly appear as messaging, health tracking, and PDF scanning apps that, once installed, ask for permission to view text messages and notifications, then exploit that information to subscribe users to premium services.

Joker uses a clever way to get around the Google Play vetting process by making its harmful payload “dormant” and then reactivating it after the apps have gone live on the Play Store.

The following are three Joker-infected apps discovered by Kaspersky from February 2022 to February 2023. They are still available from third-party app distributors, even if they have been removed from Google Play.

Blood Pressure App (blood.maodig.raise.bloodrate.monitorapp.plus.tracker.tool.health), Style Message (com.stylelacat.messagearound), and Camera PDF Scanner (com.stylelacat.messagearound) (com.jiao.hdcam.docscanner)
Subscription trojans have already been discovered on app stores. Triada virus was discovered infecting programs for the APKPure app store and a popular WhatsApp mod last year.

In September 2021.

Zimperium revealed GriftHorse, an aggressive money-making scheme, followed by Dark Herring, another case of premium service abuse.

“Subscription trojans can get through bot detection on websites for paid services. And they can sometimes subscribe customers to scammers’ own non-existent services,” Golovin explained.

“Avoid installing apps from unauthorised sources. As they are the most common source of malware, to avoid unwanted subscriptions.”

Even when installing programs from official app stores. Users should read reviews. Verify the developers’ identity. Read the terms of service. And only provide permissions that are required to execute the intended activities.