The current pandemic situation has proved to be a boon for malicious actors. Campaigns spreading viruses and malware are taking place on a large scale. One such campaign that has risen to fame, although it is not new to cybersecurity researchers, is the Joker Malware. So far, eight applications on Google Play have been found to contain the malware, which is known to harm its victims financially. This article covers all you need to know about Joker Malware and serves as a comprehensive fact checker for it. Read on to know more.
What is Joker Malware?
According to the historical record, the first mention of this malware dates back to September 2019, when more than 24 applications were found to contain it. Since then it has evolved rapidly into harder-to-detect versions that cause further damage. The malware was written in a language that leaves minimal fingerprints behind. Mass campaigns are run through applications designed to attract users and maximize downloads.
How does Joker Malware affect its victims?
Once you download an application that contains the Joker Malware, it stealthily signs the victim up for paid subscriptions advertised through ads. This happens in stages; let us understand them:
- The application connects to a remote server, from which the malware payload is downloaded. Once enabled, the payload silently interacts with the ad pages through POST requests and triggers the one-time password (OTP) needed to complete the subscription.
- The authorization code in the OTP is intercepted by the malware and submitted to the ad page to complete the verification. Finally, the malware reports back to the server once the malicious activity is complete.
- The malware also steals sensitive user data, including contact information, from the victim's device.
- It is also known to delete transaction records and purchase history to cover its tracks.
How to identify if I’m a victim of the Joker Malware?
Every malware sample interacts with a server or malicious code and leaves behind digital footprints called Indicators of Compromise (IOCs). The Joker Malware, too, has a known set of IOCs published on the internet, which you can check against if you are comfortable with the technical details.
If not, look for any subscriptions or deductions from your bank accounts that occurred without your knowledge. We have also listed below the applications identified as containing Joker Malware. Be wary of applications that ask for more access than their functionality requires; that alone should raise suspicion.
How to not let Joker Malware affect me?
As of the latest update, eight applications were found to contain the Joker Malware. Google Play has since removed them from the store, but removal from the store does not uninstall them from devices that already have them. The list is as follows:
- Go Messages
- Travel Wallpapers
- Free CamScanner
- Super Message
- Super SMS
- Element Scanner
- Auxiliary Message
- Fast Magic SMS
If you still have any of these applications installed, delete them and check for the malware's indicators of compromise.
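The two checks above, an app asking for more access than its purpose needs and an app matching the names on the list, can be automated. The following script is an added example and not code from the original article or from any security vendor: it parses the `granted=true`/`granted=false` permission lines from the output of `adb shell dumpsys package <package>` on a connected device, flags any non-messaging app that holds SMS permissions (the access Joker needs to read an OTP), and flags any app whose display name matches the list above. The package names, categories and dumpsys text below are constructed for the example; the article gives display names only, so the list match is on label.

```python
import re

# Display names of the eight apps the article lists. The article gives no
# package names, so matching is on the app label only (case-insensitive).
KNOWN_JOKER_APPS = {
    "go messages", "travel wallpapers", "free camscanner", "super message",
    "super sms", "element scanner", "auxiliary message", "fast magic sms",
}

# Permissions that let an app read or send SMS, i.e. intercept an OTP.
SMS_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
}

# App categories for which SMS access is plausibly part of the function.
SMS_EXPECTED_CATEGORIES = {"messaging"}

# Matches lines such as "android.permission.READ_SMS: granted=true, flags=[...]"
# as printed under "install permissions:" / "runtime permissions:" by dumpsys.
PERM_RE = re.compile(r"([\w.]+\.permission\.[\w.]+): granted=(true|false)")


def parse_granted_permissions(dumpsys_text):
    """Return the set of permission names marked granted=true in a dumpsys dump."""
    return {name for name, state in PERM_RE.findall(dumpsys_text) if state == "true"}


def audit_app(label, category, dumpsys_text):
    """Return a list of human-readable findings for one installed app."""
    findings = []
    if label.strip().lower() in KNOWN_JOKER_APPS:
        findings.append("listed as a Joker-infected app")
    sms = parse_granted_permissions(dumpsys_text) & SMS_PERMISSIONS
    if sms and category not in SMS_EXPECTED_CATEGORIES:
        findings.append(
            f"holds SMS permissions a {category} app does not need: " + ", ".join(sorted(sms))
        )
    return findings


def audit(apps):
    """Audit a list of app records; return {package: findings} for flagged apps only."""
    report = {}
    for app in apps:
        findings = audit_app(app["label"], app["category"], app["dumpsys"])
        if findings:
            report[app["package"]] = findings
    return report


# Constructed sample input (hypothetical packages and abbreviated dumpsys output).
SAMPLE_APPS = [
    {
        "label": "Scenic Wallpapers", "package": "com.example.wallpapers", "category": "wallpaper",
        "dumpsys": (
            "Package [com.example.wallpapers] (1a2b3c):\n"
            "  install permissions:\n"
            "    android.permission.INTERNET: granted=true\n"
            "    android.permission.RECEIVE_BOOT_COMPLETED: granted=true\n"
            "  User 0: installed=true\n"
            "    runtime permissions:\n"
            "      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]\n"
            "      android.permission.READ_EXTERNAL_STORAGE: granted=false, flags=[ USER_SET ]\n"
        ),
    },
    {
        "label": "Plain Chat", "package": "com.example.chat", "category": "messaging",
        "dumpsys": (
            "Package [com.example.chat] (4d5e6f):\n"
            "  install permissions:\n"
            "    android.permission.INTERNET: granted=true\n"
            "  User 0: installed=true\n"
            "    runtime permissions:\n"
            "      android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]\n"
            "      android.permission.SEND_SMS: granted=true, flags=[ USER_SET ]\n"
        ),
    },
    {
        "label": "Super SMS", "package": "com.example.supersms", "category": "messaging",
        "dumpsys": (
            "Package [com.example.supersms] (7a8b9c):\n"
            "  User 0: installed=true\n"
            "    runtime permissions:\n"
            "      android.permission.SEND_SMS: granted=true, flags=[ USER_SET ]\n"
        ),
    },
]

if __name__ == "__main__":
    for package, findings in audit(SAMPLE_APPS).items():
        print(package)
        for finding in findings:
            print("  -", finding)
```

On a real device, collect the input with `adb shell pm list packages -3` for the third-party package names and `adb shell dumpsys package <name>` for each, and supply the label and category yourself; the messaging-app exemption is the weak point, since Joker shipped inside SMS apps, which is why the list match is kept as a separate check.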
The campaign is also believed to be financially motivated and to originate from a specific country. At the same time, the malware checks the device's country code and deliberately stays inactive in some countries.
Even so, it has affected more than 38 countries, including India, Egypt, Portugal, Germany, and France. Download counts run as high as 50,000, so a large number of victims are believed to be affected.
To summarize the Joker Malware
In this article, we have tried to cover everything you need to know about Joker Malware. The attackers frequently modify and update the malware to bypass detection and get it into the Play Store alongside legitimate applications. We should therefore stay aware of updates to a given malware family and the corresponding IOCs.
It is also recommended to use a security solution that can effectively detect harmful applications and prevent the exfiltration of your sensitive data by malware and trojans. Frequent security scans give a comprehensive view of the applications trying to harm the device and, indirectly, the user. While this malware is well known and not new, we ask readers to stay alert for new variants of the Joker Malware.
My name is Rishika Desai. I'm a cybersecurity researcher trying to explore various domains and their potential influence in shaping the security strengths of users. I therefore intend to propose various such implementation ideas that can be beneficial for society. You can follow me on Twitter at @ich_rish99 and connect with me on LinkedIn!