
Joker

Posted: September 9, 2019

Joker is an Android Trojan that uses compromised devices to generate fraudulent advertising revenue. Its attacks include data harvesting and SMS-manipulating capabilities that allow it to sign the device's users up for services automatically. Since there are no notable symptoms of this threat, users should depend on their anti-malware services for identifying and removing Joker infections.

The Joke's on Your Phone

Google's Play Store is the site of another series of threatening application attacks that, as per the norm, capitalize on others' hardware for monetary gain. The application-bundled Trojan, Joker, gives its threat actors a backdoor into Android phones, not for spying or delivering other threats, but for making money. It does this through a combination of simulated advertising traffic and service signups, the latter of which may even cost the victim ongoing fees.

Although there are a few geolocation-indiscriminate versions of Joker, most builds of the Trojan use a filtering list based on the Mobile Country Code (MCC). This prerequisite keeps Joker from running on unwanted devices outside of target areas, such as Asia, the Middle East and Europe. North America is notably omitted from the acceptable region list, and Joker's control panel is in Chinese.

After it gets system access through the victim installing the compromised or fake application, Joker retrieves its configuration data from its server and starts listening for incoming SMS messages. Although an attacker could use this feature for collecting all SMS messaging content, Joker currently limits it to catching authorization codes for premium service signups. It also includes advertising framework integration, ad click simulation, and collection of the user's phone book contacts.
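The capability mix described above (SMS listening, contact collection, server communication) can be checked for during app vetting. The following is an added example, not code from the original page or from any Joker sample: a manifest triage over a decoded `AndroidManifest.xml`. It assumes these behaviours map to the standard Android permissions `RECEIVE_SMS`/`READ_SMS`, `READ_CONTACTS` and `INTERNET`; the sample manifests, package names and the `triage_manifest` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
SMS_PERMS = {P + "RECEIVE_SMS", P + "READ_SMS"}
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

def triage_manifest(manifest_xml):
    """Flag SMS + contacts + network capability in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NS + "name") for e in root.iter("uses-permission")}
    receivers = []  # statically declared receivers that listen for incoming SMS
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            if any(a.get(NS + "name") == SMS_ACTION for a in flt.iter("action")):
                receivers.append((rcv.get(NS + "name"), flt.get(NS + "priority", "0")))
    out = {
        "sms_access": sorted(perms & SMS_PERMS),
        "contacts_access": P + "READ_CONTACTS" in perms,
        "network": P + "INTERNET" in perms,
        "sms_receivers": receivers,
    }
    # Heuristic for manual review, not a signature: messaging apps legitimately
    # match it, so weigh the result against what the app claims to do.
    out["review"] = bool(out["sms_access"] and out["network"]
                         and (out["contacts_access"] or receivers))
    return out

# Constructed sample: a "wallpaper" app whose manifest asks for far more than it needs.
SAMPLE_SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <receiver android:name=".SmsHook">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: the same kind of app with only network access.
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper2">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, triage_manifest(xml))
```

A receiver can also be registered at runtime, so an empty `sms_receivers` list does not clear an app; the declared permissions are the more dependable signal.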

Taking Out the Punch from a Trojan's Punchline

Although Google is actively removing contaminated Joker applications from its Play Store, more variants are likely in development and being prepared for release. Malware experts also are pointing out various stealth features in Joker, which obfuscates its code and communications and leaves as few signs as possible of being on the phone. Users may identify potential danger from an application's unusually slow splash loading screen, during which Joker's loader initializes the Trojan in the background.

Users should always avoid application downloads from third parties without any security vetting for their software. Checking reviews may, in some cases, provide additional clues about an application's reputability or safety. The presence of active anti-malware programs should help catch unsafe applications, including not just bundles for Joker but also banking Trojans like Hqwar and the browser-hijacking xHelper.

With at least two dozen applications facilitating Joker's campaign, users shouldn't rely on tracking specific brands to avoid it. Update your anti-malware service for your phone and let it remove Joker automatically upon its identification.

Joker makes a laughing stock out of any phone's security but does so invisibly. Anyone wishing not to be the butt of its joke should take proactive vetting of their software downloads seriously.
