Android: one of the most dangerous malware returns to the Play Store

by homesense
0 comment

Google Play Store is again threatened by joker malware. This malware can empty a victim’s bank account by signing up for expensive subscriptions without their knowledge.

In the extremely dangerous and lucrative category, Joker Malware is one of the most popular malware used by hackers. The malware, which was first discovered in 2019, allows users to subscribe to paid services without their knowledge. In 2020, Joker was spotted on the Play Store several times before disappearing. Only for a short time.

In early April 2021, computer security researchers found several apps infected with Joker in the AppGallery, Huawei’s app store. And on Tuesday, April 20, 2021, McAfee researchers claim to have found similar malware in 8 applications available on the Google Play Store.

A modus operandi similar to that of Joker

These eight applications have accumulated a total of 700,000 downloads. According to information from McAfee experts, this malware, which uses Joker’s modus operandi, hijacked SMS notifications to then make unauthorized purchases. After an investigation lasting several weeks, McAfee teams were able to access the server operated by the attacker.

They found a lot of personal information about the victims, starting with the phone numbers of the targeted users, several text messages, their IP addresses, or even the country of origin. The server also stored auto-renewing subscriptions. “The malware hijacks the Notification Lister to steal incoming SMS like the Android Joker malware does”, without permission to read the SMS, ”the researchers said.

These eight applications dedicated to photo editing, wallpaper catalogs, and ringtones for smartphones, have been removed by Google from the Play Store. “It’s important to watch out for apps that ask for permissions related to SMS and notifications. To put it simply, legitimate photo editing and wallpaper apps do not ask for these permissions because they are not required for their operation. If a request seems suspicious to you, don’t allow it, ”McAfee researchers reminded us.

Here is the list of affected applications:

  • Studio Keypaper 2021
  • PiP Editor Camera
  • My Favorites up Keypaper
  • Super Color Hairdryer
  • Hit Camera Pip
  • Daynight Keyboard Wallpaper
  • Super Star Ringtones
  • App photo Editor

Source : ArsTechnica

Related Posts

Leave a Reply