Beware, the Joker Malware Has Infected Large Numbers of Android Smartphones

Wha is a Joker Malware?

The Joker malware is back on the Play Store! After several months of absence, the malware was spotted in the code of 6 seemingly harmless applications. Its goal? Empty the bank account of its victims by subscribing them to paid services on the web. 

In September 2019, a dangerous malware called Joker made a noticeable appearance on the Play Store. Hidden in twenty store applications, the trojan sought to subscribe users to paid services without their knowledge. Google had acted quickly by ousting infected applications from the Play Store. Recalcitrant, Joker was back a few weeks later to rip off new victims. Despite Google's efforts, the virus has repeatedly returned to attack Android users before disappearing from radar.

On the same subject:  this malware infects cheap Chinese Android smartphones as soon as they are assembled at the factory

The list of 6 applications infected with the Joker malware

Recently, the Joker malware was also spotted in the code of 6 Android applications available on the Play Store by Roxane Suau, a computer security researcher at Pradeo. In total, these infected applications have been downloaded over 200,000 times.

“Joker's main activity is still simulating clicks and intercepting confirmation SMS to subscribe users to an unwanted premium paid services,” explains Roxane Suau. The pirates behind Joker have therefore not changed their modus operandi since last year. Here is the list of apps to urgently uninstall from your phone:

1. Safety AppLock
2. Convenient Scanner 2
3. Push Message-Texting & SMS
4. Emoji Wallpaper
5. Separate Doc Scanner
6. Fingertip GameBox

Alerted by Pradeo, Google quickly removed the 6 infected applications from its Play Store. However, the applications are “always installed on the devices of their users”, regrets Roxane Suau.

The Malware Subscribes to Paid Services Without Your Knowledge

The joker, present in infected mobile applications, would force users of the platform to subscribe to paid services against their will.

The malware extracts small amounts of money from users on a regular basis. Indeed, once the owner of an Android smartphone has downloaded one of the infected applications, the malware immediately leads the victim to a web page offering a paid service. Unfortunately, it is too late to backtrack because immediately, the user has subscribed to the service, without even knowing it.  

By simulating the process of a premium service, the virus indeed uses the credit cards stored on smartphones. It thus copies the data from the payment confirmation SMS, as well as the verification codes present on the victims' phones.

How to Prevent Joker Malware

To avoid unpleasant surprises, download any application available on the Google store. Before installing an app, always read comments and reviews. For security reasons, we also advise you to install a good antivirus on your Android smartphone.