Google has long been trying to prove that they focus on security, however, time after time, situations have proved otherwise. In a recent security incident, researchers have discovered a new malware and Android Trojan by the name of "Joker". This Trojan is spyware and it has been linked to 24 different apps on Google Play store. Surprisingly, these apps are not random unknown apps, instead, they have 472,000 downloads in total.
This malware is hidden and adjusted according to the advertisement framework that is usually used by the compromised apps. Once downloaded, these apps begin to download a second-stage component just like a DEX file, which enables the malware and adds other capabilities making it more dangerous. With the help of this additional malware, this Trojan attaches the user to ad sites and also gets the information from the device of the victim. This information includes the contact list, text message details, and other information within the device.
This malware uses the SMS collection module and then sign-up the victim for premium subscriptions by using all the data that is extracted from the authorizations texts. However, this joker Trojan malware is targeting just a few countries, these countries include India, Australia, France, Germany, the UK, and the US. According to researchers, the reason behind targeting these countries is the fact that the majority of the apps that are infected by the malware contains a hard-coded list of country codes from the mobiles of these countries.
While activating the spyware, the malware starts by comparing the country code of the SIM card with the already listed hard-coded number and with this comparison, the malware decides if the victim is from the targeted country. In case the users are from the listed country, this malware further activates the second stage components that start the whole process. To make it safe some of the apps have an additional check. With the help of this check once the number is determined the app ensures that the payload is not executed when it is running in Canada and the US.
With the increase in malware and spyware related event, it seems that Android users are really experiencing extremely safety and security related challenges, the real question is, if Google is ready to do something about it or is it going to leave it to the users to find a solution.
Photo: Gettyimages
Read next: Google will be rewarding hackers for finding loopholes in Android apps with 100M+ downloads
This malware is hidden and adjusted according to the advertisement framework that is usually used by the compromised apps. Once downloaded, these apps begin to download a second-stage component just like a DEX file, which enables the malware and adds other capabilities making it more dangerous. With the help of this additional malware, this Trojan attaches the user to ad sites and also gets the information from the device of the victim. This information includes the contact list, text message details, and other information within the device.
This malware uses the SMS collection module and then sign-up the victim for premium subscriptions by using all the data that is extracted from the authorizations texts. However, this joker Trojan malware is targeting just a few countries, these countries include India, Australia, France, Germany, the UK, and the US. According to researchers, the reason behind targeting these countries is the fact that the majority of the apps that are infected by the malware contains a hard-coded list of country codes from the mobiles of these countries.
While activating the spyware, the malware starts by comparing the country code of the SIM card with the already listed hard-coded number and with this comparison, the malware decides if the victim is from the targeted country. In case the users are from the listed country, this malware further activates the second stage components that start the whole process. To make it safe some of the apps have an additional check. With the help of this check once the number is determined the app ensures that the payload is not executed when it is running in Canada and the US.
With the increase in malware and spyware related event, it seems that Android users are really experiencing extremely safety and security related challenges, the real question is, if Google is ready to do something about it or is it going to leave it to the users to find a solution.
Photo: Gettyimages
Read next: Google will be rewarding hackers for finding loopholes in Android apps with 100M+ downloads
