Android Malware: Joker Still Fools Google's Defense, New Clicker Found (Feb 21, 2020)
Developers of the Android Malware, “Joker”, are continuing to update and evolve the malware’s capabilities. The malware, which has been around since 2017, is a spyware that can read and send texts, allowing the malware to subscribe victims to premium services without their knowledge. Joker continues to bypass Google’s Defense, allowing it to continually be on the Google Play Store. Nearly everyday new Joker samples are added to the Google Play Store, due to the malware developers using a range of obfuscation techniques to bypass Google’s security. In recent samples of Joker, a clicker has been added allowing for fraudulent ads click to be generated.
Recommendation: Users should be cautious when downloading applications, even from official channels such as the Google Play Store, because as this story portrays, malicious applications sometimes make it into office stores. Therefore, users should carefully review the permissions an application will request prior to installation.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.