Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Data Breach
  • Joker Spyware Infiltrated Google Play, Abused Old Trick to Target Users
  • Data Breach
  • Malware

Joker Spyware Infiltrated Google Play, Abused Old Trick to Target Users

6 years ago David Bisson
Joker Spyware Infiltrated Google Play, Abused Old Trick to Target Users

Security researchers detected a new variant of the Joker spyware family that had infiltrated Google Play and had begun abusing an old trick to target users.

Check Point Research found that the authors of Joker, a dropper and premium dialer spyware, had once again modified their creation’s code so that the malware would bypass the Play Store’s security mechanisms and conceal itself within seemingly legitimate apps.

Upon successful installation, Joker pulled down additional malware onto a victim’s infected Android device. Those threats then furtively subscribed the user to premium services.

One of the Joker-infested applications on Google Play. (Source: Check Point Research)

This variant of the spyware family deployed an old trick that it had adopted from the PC threat landscape. Check Point Research revealed that this trick involved the retrieval of a dynamic dex file from Joker’s command-and-control (C&C) server for the purpose of subscribing victims to the premium services:

In an attempt to minimize Joker’s fingerprint, the actor behind it hid the dynamically loaded dex file from sight while still ensuring it is able to load – a technique which is well-known to developers of malware for Windows PCs. This new variant now hides the malicious dex file inside the application as Base64 encoded strings, ready to be decoded and loaded.

Users who believe they’ve been infected with Joker should follow Check Point Research’s advice and uninstall whichever application was responsible for producing the infection from their device. They should also install a mobile security solution to protect their devices against similar infections in the future.

From there, they should keep an eye out on their credit card bills and other account statements to see if they’ve been enrolled in any unfamiliar subscription services. If they have been, they should attempt to unsubscribe. If that doesn’t work, they should contact their payment card company to see if they can block the charge directly.

Mobile users can further protect themselves against threats such as Joker by following these best practices on their devices.

The post ” Joker Spyware Infiltrated Google Play, Abused Old Trick to Target Users” appeared first on TripWire

Source:TripWire – David Bisson

Tags: Android, Encryption, Google, TripWire

Continue Reading

Previous MITRE ATT&CK July 2020 Update: Sub-Techniques!
Next Cosmic Lynx: The Highly-Professional Cybercrime Gang Scamming Businesses Out of Millions of Dollars

More Stories

  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

2 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

3 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

4 hours ago [email protected] (The Hacker News)
  • Data Breach

[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate

19 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

19 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Data Breach

When Cloud Outages Ripple Across the Internet

22 hours ago [email protected] (The Hacker News)

Recent Posts

  • Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers
  • Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions
  • CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
  • http://thehackernews.com/2026/02/docker-fixes-critical-ask-gordon-ai.html
  • [Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT