In 2019, Kaspersky informed us that the Gamescanner app, a PDF file creator downloaded by users, was contaminated with a Trojan. In mid-March, more than 200 applications carrying malicious code known as "Sinpath", also available from the official Google Play Store, affected 150 million users. Already in May, we had another case of malicious apps getting past Google's security mechanisms.
In July of this year, we saw 7 apps that Google Play removed from its store because they were used to spy on anyone who had them on their smartphone without their knowledge. Today we're seeing new malware, and there can't be anything else with a name like this: cartoons.
New Joker Malware
Named after one of the most important comic book villains and a true pop culture icon – and fashionable for his award-winning monotony – the Joker malware has infiltrated many apps on the Google Play Store for Android. The virus works in two steps, and it risks not only data theft but also real-time money theft. How it works:
Step 1
- Iorgan infection: using malware to integrate with the system
- Select the country in which the device is located
- Command and control (C&C) communications: You just need to encrypt your systems, at least from hackers
The second phase:
- DEX file encryption: saves the executable, in a format that contains compiled code written for Android, and loads it
- SMS and data theft: who is sending us the message
- Theft of the contact list and hardware data
- Contacting classified ads sites to withdraw money via the victim's mobile phone
Malware that steals your money
The worst thing about this second stage is that the Joker malware starts interacting with ad sites, using authentication codes for premium subscriptions to these sites, simulating clicks on banners and more; namely, subscribing us to advertising services that we did not order. Thanks to this technique, in countries like Denmark the Joker can produce up to 6.71 euros per week by automating the process of interacting with the premium view of a particular website.
To increase its attacks but reduce the risk of getting caught, the Joker only operates in a limited number of countries, including Spain. In fact, one of the many checks this malware performs is on the MCC (mobile country code), comparing country-specific mobile codes to see where it should work. If you use a SIM card from one of the listed countries, the second stage of the virus is activated, which includes SMS, data and cash transactions.
Most of the affected apps work in European and Asian countries, and while some apps may affect SIM cards in North America, there are additional checks to avoid this in the US or Canada.
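The two stages described above leave static traces that a defender can look for before installing or approving an app. The following is an added example, not code from the article or from any analysis of the Joker: it reads a decoded AndroidManifest.xml and a list of strings pulled from the app's code, and flags the combination of SIM country check, run-time DEX loading and SMS access. The function names, the sample packages and the mapping from each behaviour to specific Android permissions and API names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Article behaviour -> static indicator. This mapping is an assumption of the example.
API_INDICATORS = {
    "sim_country_check": ("getSimOperator", "getSimCountryIso"),
    "dynamic_dex_load": ("DexClassLoader",),
}
PERMISSION_INDICATORS = {
    "sms_access": ("android.permission.READ_SMS", "android.permission.RECEIVE_SMS"),
    "contact_access": ("android.permission.READ_CONTACTS",),
}

def declared_permissions(manifest_xml):
    """Return the set of permissions requested in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}

def triage(manifest_xml, code_strings):
    """Report which of the article's behaviours an app shows static signs of."""
    perms = declared_permissions(manifest_xml)
    hits = set()
    for name, wanted in PERMISSION_INDICATORS.items():
        if perms & set(wanted):
            hits.add(name)
    for name, needles in API_INDICATORS.items():
        if any(n in s for s in code_strings for n in needles):
            hits.add(name)
    # Stage-two pattern: country gate + code loaded at run time + SMS access.
    staged = {"sim_country_check", "dynamic_dex_load", "sms_access"} <= hits
    return {"hits": sorted(hits), "needs_review": staged}

# Constructed samples (hypothetical packages, not taken from any real app).
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.scanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""
SUSPECT_STRINGS = [
    "Landroid/telephony/TelephonyManager;->getSimOperator()Ljava/lang/String;",
    "Ldalvik/system/DexClassLoader;-><init>",
]
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.camera">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    print(triage(SUSPECT_MANIFEST, SUSPECT_STRINGS))
    print(triage(BENIGN_MANIFEST, ["Landroid/hardware/Camera;->open()"]))
```

A hit only means the app deserves a closer look: messaging apps legitimately request SMS access, so the flag is raised on the combination rather than on any single indicator.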
Countries affected by the Joker
- Spain
- Australia
- Austria
- Belgium
- Brazil
- China
- Cyprus
- Egypt
- France
- Germany
- Ghana
- Greece
- Honduras
- India
- Indonesia
- Ireland
- Italy
- Kuwait
- Malaysia
- Burma
- Holland
- Norway
- Poland
- Portugal
- Qatar
- Argentine Republic
- Serbia
- Singapore
- Slovenia
- Sweden
- Switzerland
- Thailand
- Turkey
- Ukraine
- The United Arab Emirates
- United Kingdom
- United States of America
Affected applications
Where does this malware come from? While it is difficult to trace, the truth is that the Joker's C&C UI and part of its core code are written in Chinese.
In addition, after affecting more than 500,000 Hawaiian mobile phones in 2020, the Joker is making a comeback. Despite the security of the Android Store, the Joker has been able to get back in through 8 applications, some of them with over 100,000 downloads.
According to the Belgian police, all eight of these apps have tested positive for the malware:
- news support
- Object Scanner
- Fast Magical SMS
- Scanner free game
- go news
- great news
- Wonderful SMS
As with previous versions, it can also subscribe users to sites that offer paid services, which means that at the end of the month, users will be in for a big surprise when their bank account or credit card statement arrives in the mailbox. Many victims have been found in the past. The scam pays more than 0.240 (9279) subscriptions annually.