"Updated Joker Malware Floods into Android Apps"

The Joker premium billing-fraud malware is back on Google Play in a fresh onslaught, with an updated bag of tricks to evade scanners. Joker has been around since 2017, disguising itself within common, legitimate apps like camera apps, games, messengers, photo editors, translators, and wallpapers. Once installed, Joker apps silently simulate clicks and intercept SMS messages to subscribe victims to unwanted, paid premium services controlled by the attackers. This is a type of billing fraud that researchers categorize as "fleeceware." The Joker apps also steal SMS messages, contact lists, and device information. Often, the victim is none the wiser until the mobile bill arrives. Malicious Joker apps are commonly found outside of Google Play and have been able to get past Google Play's protection methods since 2019. Joker apps have been able to get past Google Play's protection methods because the malware's authors keep making minor changes to their attack methodology. As a result, there have been periodic waves of Joker infestations inside the official store, including two massive onslaughts last year. According to researchers at Zimperium, more than 1,800 Android applications infected with Joker have been removed from the Google Play store in the last four years. In the latest wave, at least 1,000 new samples have been detected on Google Play since September.

Threatpost reports: "Updated Joker Malware Floods into Android Apps"