“Joker”—the malware that signs you up for pricey services—floods Android markets

reader comments

54 with 31 posters participating

September has been a busy month for malicious Android apps, with dozens of them from a single malware family alone flooding either Google Play or third-party markets, researchers from security companies said.

Known as Joker, this family of malicious apps has been attacking Android users since late 2016 and more recently has become one of the most common Android threats. Once installed, Joker apps secretly subscribe users to pricey subscription services and can also steal SMS messages, contact lists, and device information. Last July, researchers said they found Joker lurking in 11 seemingly legitimate apps downloaded from Play about 500,000 times.

Late last week, researchers from security firm Zscaler said they found a new batch comprising 17 Joker-tainted apps with 120,000 downloads. The apps were uploaded to Play gradually over the course of September. Security firm Zimperium, meanwhile, reported on Monday that company researchers found 64 new Joker variants in September, most or all of which were seeded in third-party app stores.

And as ZDNet noted, researchers from security firms Pradeo and Anquanke found more Joker outbreaks this month and in July respectively. Anquanke said it had found more than 13,000 samples since it first came to light in December 2016.

“Joker is one of the most prominent malware families that continually targets Android devices,” Zscaler researcher Viral Gandhi wrote in last week’s post. “Despite awareness of this particular malware, it keeps finding its way into Google’s official application market by employing changes in its code, execution methods, or payload-retrieving techniques.”