The Joker malware, which has previously infected several Google Android apps, is now back with another malicious scheme.

Cybersecurity experts spotted the mobile trojan in a similar platform: Google Playstore.

The said spyware can launch different attacks on systems, including faking service reviews, displaying deceptive ads, downloading virus-stricken apps, and disabling the Google Play Protect Service.

The Return of Joker Malware

Joker Malware Returns--Spyware Has Infected Over 500,000 Huawei Users Through Android Apps in April
(Photo : Rob Hampson from Unsplash )
Experts say that the returning Joker malware is back with a malicious scheme to the victims.

The system virus in the form of the Joker malware was seen to be collecting sensitive details from the users, including their personal messages and device information. It also tricks the people to fill up the details for a premium subscription, but instead, it only steals data.

Two years ago, the said malware has been hitting the Google Play Store's apps. According to the experts, the company has already removed many applications with the Joker malware.

It's even worse especially for over 500,000 Huawei users who suffered from the malware infection, as of April this year. They have reportedly installed and downloaded the Android apps.

Zimperium, a security company, warned the users that the impact of the Joker malware on the applications has been wide-scale. Over 1,800 apps in the platform were already out from Google Playstore.

Since September 2020, experts have discovered at least 1,000 of them.

"These variants were found using the same malware machine learning engine powering zIPS on-device detection and Google's App Alliance, proving that on-device detection capabilities are a must to ensure full protection of an enterprises' mobile endpoints," Zimperium said in its blog post.

Read Also: TrickBot Malware Comes with New 'tvncDll' Module That Will Infect Systems, Install More Virus to the Machines

Joker Malware Manages to Get Pass Through the System

The cybersecurity experts said that the notorious group behind the Joker spyware was able to adapt to the changes in Google's security.

This is done for the malware to avoid being detected by the system.

There are many Joker variants out there that rely on the "hiding" scheme. The threat actors exploit the system by creating apps that could ignore the app store's security scanners. This deceives the system into thinking that the apps that pass have no virus.

What's dangerous about this Joker virus is its encrypting ability that can be pulled in various forms.

For instance, it could create encryption with the use of numbers, such as displaying the same .dex file. Using steganography, the file will be hidden in an image, so it could pass the scanner.

Experts said that it's better to also pay attention to the URL shorteners since they could contain malicious software that could rob you of your information. The most favorite targets of the Joker malware are the mobile users, Security Affairs reported on Friday, July 16.

Top 11 Joker Apps You Should Immediately Delete

Last year, we reported some Joker apps that you should delete on your phone as soon as possible. Since this issue is timely following the return of Joker, we recommend you to look for the following apps:

  • com.hmvoice.friendsms
  • com.relax.relaxation.androidsms
  • com.cheery.message.sendsms
  • com.cheery.message.sendsms
  • com.peason.lovinglovemessage
  • com.file.recovefiles
  • com.LPlocker.lockapps
  • com.remindme.alram

Related Article: Guess, an American Clothing Brand Reveals About Data Breach; DarkSide Ransomware Most Likely the Culprit

This article is owned by Tech Times

Written by Joseph Henry

ⓒ 2021 All rights reserved. Do not reproduce without permission.