Joker is back! This dangerous malware, capable of stealing banking information, has infiltrated four widely downloaded Android applications. Make sure they are not installed on your smartphone, or you risk hefty bills…

Beware of the applications you download to your Android smartphone or tablet! Researchers at security specialist Pradeo have discovered four new infected apps in the Google Play Store. The culprit: Joker, a malicious and devious piece of software that is every bit a match for Batman's villain. It belongs to the fleeceware category: scam software used to empty its victims' bank accounts. It's not the first time Joker has gone on a rampage (see our article), but it has now worked its way into highly downloaded applications…

Joker: Malware that targets bank accounts

Hiding inside a seemingly harmless application, Joker grants itself system permissions, in particular control over SMS. It then subscribes to paid services and makes online purchases, taking care to systematically intercept the validation message required by two-factor authentication (2FA). It even goes so far as to automatically place calls and send SMS messages to premium-rate numbers. These are often small sums – so as not to attract attention – but together they add up to a nice jackpot. It also reads text messages and takes screenshots, which gives it valuable information such as passwords and banking details. As if that wasn't enough, infected apps can also install other apps on the infected device, which can be even more dangerous.

The Joker malware is difficult to detect because it uses very little code, so its "digital fingerprint" is very discreet. Also, once installed, it hides its app icon, which makes manual uninstallation very difficult. In the past three years – the software first appeared in 2019 – it has claimed hundreds of thousands of victims. As early as December 2021, it had infiltrated the Color Message application, which had been downloaded 500,000 times. Beneath its harmless appearance – it offered many customization features – the application grabbed the user's contact list and sent it to a server in Russia, while subscribing the user to paid services without their knowledge. Today, the following four applications are affected, which together account for more than 100,000 downloads:

  • Smart SMS Messages (version 1.3.2)
  • Blood Pressure Monitor (1.3.238)
  • Speech Translator (2.0)
  • Quick Text SMS (2.0)
© Pradeo

They have since been removed from the Play Store but still pose a threat to people who have already downloaded them. To avoid being fooled, pay attention to certain points when installing software. Typically, the developer accounts behind such apps contain only one app, with a very brief privacy policy. These policies are often copied and pasted, and of course never reveal the full extent of the app's activities. You should also be wary of software that is not associated with any company name or website. So be careful.
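The behaviours described in this article (control over SMS, premium-rate calls and texts, a hidden icon) and the four listed app names can be turned into a simple inventory check. The following is an added example, not part of the original article or of Pradeo's tooling; the record layout and the sample inventory are constructed assumptions, and a matching app label is only a hint, since labels are not unique.

```python
# Added example: triage an app inventory against the indicators in this article.
# The record layout (label, version, permissions, has_launcher_icon,
# is_default_sms_or_dialer) is an assumed export format, not a real tool's schema.

# App names and versions exactly as listed in the article.
REPORTED_APPS = {
    "smart sms messages": "1.3.2",
    "blood pressure monitor": "1.3.238",
    "speech translator": "2.0",
    "quick text sms": "2.0",
}
P = "android.permission."  # prefix of standard Android permission names
SMS_PERMS = {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"}

def triage(app):
    """Return the reasons an app deserves a closer look (empty list = none)."""
    reasons = []
    label = app["label"].strip().lower()
    if label in REPORTED_APPS:
        if app.get("version") == REPORTED_APPS[label]:
            reasons.append("name and version match a reported app")
        else:
            reasons.append("name matches a reported app (different version)")
    perms = set(app.get("permissions", []))
    # SMS access combined with a hidden icon mirrors the behaviour described above.
    if perms & SMS_PERMS and not app.get("has_launcher_icon", True):
        reasons.append("SMS access with no launcher icon")
    # Sending SMS and placing calls is expected only from the default SMS/dialer app.
    if {P + "SEND_SMS", P + "CALL_PHONE"} <= perms and not app.get("is_default_sms_or_dialer", False):
        reasons.append("can send SMS and place calls but is not the default SMS/dialer app")
    return reasons

def scan(inventory):
    """Map app label -> reasons, for flagged apps only."""
    flagged = {}
    for app in inventory:
        reasons = triage(app)
        if reasons:
            flagged[app["label"]] = reasons
    return flagged

# Constructed sample inventory (not real device data).
SAMPLE = [
    {"label": "Quick Text SMS", "version": "2.0", "has_launcher_icon": False,
     "permissions": [P + "READ_SMS", P + "SEND_SMS", P + "CALL_PHONE"]},
    {"label": "Speech Translator", "version": "3.1", "has_launcher_icon": True,
     "permissions": [P + "RECORD_AUDIO"]},
    {"label": "Messages", "version": "12.0", "has_launcher_icon": True, "is_default_sms_or_dialer": True,
     "permissions": [P + "READ_SMS", P + "SEND_SMS", P + "RECEIVE_SMS", P + "CALL_PHONE"]},
    {"label": "Flashlight Pro", "version": "1.0", "has_launcher_icon": False,
     "permissions": [P + "RECEIVE_SMS"]},
]

if __name__ == "__main__":
    for name, why in scan(SAMPLE).items():
        print(name, "->", "; ".join(why))
```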
