“Joker” is spyware that gives malicious agents access to victims’ SMS messages, contact lists, and other device information. Apps linked to it on the Google Play Store have been downloaded over 470,000 times, possibly infecting hundreds of thousands of Android devices.
Joker was first observed in June 2019. Evidently, the spyware simulates interactions with advertisement websites and then steals the victims’ SMS messages, contact lists, and device information.
For example, the spyware can silently sign a user in Denmark up for a premium subscription that costs 50 DKK ($7.39) per week by automating the interaction with the premium offer’s website and entering the offer code. Joker then waits for the SMS confirmation, extracts the message when it arrives, and enters the confirmation code on the webpage to complete the subscription.
According to software developer Aleksejs Kuprins, the spyware has been detected in 24 apps in the Google Play Store so far, with a combined total of over 472,000 downloads worldwide. All 24 apps have now been removed from the Play Store.
37 Countries Targeted By Spyware
Joker only attacks targeted countries, and victims have to be using a SIM card from one of those countries. The countries affected are the United States, United Kingdom, United Arab Emirates, Australia, Belgium, Austria, Brazil, China, Cyprus, France, Egypt, Germany, Ghana, Honduras, Greece, Ireland, Indonesia, India, Kuwait, Italy, Malaysia, Netherlands, Myanmar, Poland, Norway, Portugal, Republic of Argentina, Qatar, Singapore, Serbia, Slovenia, Spain, Thailand, Sweden, Switzerland, Ukraine, and Turkey.
Joker is said to be a small and silent malware that uses as little Java code as possible. It carries out much of its malicious activity under the radar, and data suggests that the activity began in early June 2019. However, it is possible that it began earlier and persisted for a longer period of time.
That said, Kuprins notes that Google has been on top of the issue and has been removing the apps even without prompting from them throughout the investigation.
“We recommend paying close attention to the permission list in the apps that you install on your Android device,” Kuprins said. “Obviously, there usually isn’t a clear description of why a certain app needs a particular permission, which means that whenever you are downloading any app — you are still relying on your gut feeling to some extent.”
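The permission check recommended above can be automated. The following is an added example, not code from the article or from Kuprins' analysis: it reads a decoded (text) AndroidManifest.xml and flags apps that request SMS access together with contacts or device information, the data the article says Joker takes. The permission-to-capability mapping, the review heuristic, and the sample manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission groups for the data the article says Joker takes (assumed mapping).
CAPABILITIES = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "device_info": {"android.permission.READ_PHONE_STATE"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    # Permissions can be declared with either element name.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def audit(manifest_xml):
    """Map each capability to the matching permissions and decide on review."""
    perms = requested_permissions(manifest_xml)
    hits = {cap: sorted(perms & names) for cap, names in CAPABILITIES.items()}
    # Heuristic (assumption): SMS access plus contacts or device info needs a closer look.
    needs_review = bool(hits["sms"]) and bool(hits["contacts"] or hits["device_info"])
    return {"hits": hits, "needs_review": needs_review}

# Constructed sample manifests, not taken from any real app.
SAMPLE_SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml_text in (("wallpaper", SAMPLE_SUSPICIOUS), ("notes", SAMPLE_BENIGN)):
        print(label, audit(xml_text))
```

A flagged app is not necessarily malicious; the result only marks permission sets that do not obviously match what the app claims to do.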