Scammy Android apps? You don’t say. A relatively established bit of malware known as “Joker” — insert your favourite Heath Ledger meme here — has permeated yet another handful of Android apps. And the fun thing about this one is that this Joker likes to sign you up for subscriptions you don’t want.
As security firm Check Point describes:
“Joker, one of the most prominent types of malware for Android, keeps finding its way into Google’s official application market as a result of small changes to its code, which enables it to get past the Play store’s security and vetting barriers. This time, however, the malicious actor behind Joker adopted an old technique from the conventional PC threat landscape and used it in the mobile app world to avoid detection by Google.
To realise the ability of subscribing app users to premium services without their knowledge or consent, the Joker utilised two main components – the Notification Listener service that is part of the original application, and a dynamic dex file loaded from the C&C server to perform the registration of the user to the services.
In an attempt to minimise Joker’s fingerprint, the actor behind it hid the dynamically loaded dex file from sight while still ensuring it is able to load – a technique which is well-known to developers of malware for Windows PCs. This new variant now hides the malicious dex file inside the application as Base64 encoded strings, ready to be decoded and loaded.”
I think this is important to know about, as Google took time earlier this year to highlight its efforts at blocking apps that incorporate Joker — or Bread, as it’s also known — from appearing in the Google Play Store. As representatives noted:
- “Google Play Protect detected and removed 1.7k unique Bread apps from the Play Store before ever being downloaded by users
- Bread apps originally performed SMS fraud, but have largely abandoned this for WAP billing following the introduction of new Play policies restricting use of the SEND_SMS permission and increased coverage by Google Play Protect”
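The hiding technique Check Point describes above, a dex file stored inside the app as Base64 strings, leaves a static trace: the DEX header is still there once the string is decoded. The following Python check is an added example, not code from Check Point or Google. It scans strings extracted from an app for Base64 runs that decode to a DEX header; the function names and the sample input are constructed for illustration.

```python
import base64
import re
import struct
import zlib

# Runs long enough to hold the 44 header bytes this check reads.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{60,}={0,2}")
DEX_MAGIC = re.compile(rb"dex\n\d{3}\x00")   # e.g. b"dex\n035\0"

def find_embedded_dex(blob: bytes) -> list:
    """Report Base64 runs in blob whose decoded bytes begin with a DEX header."""
    findings = []
    for m in B64_RUN.finditer(blob):
        run = m.group().rstrip(b"=")
        if len(run) % 4 == 1:            # impossible length: drop the stray char
            run = run[:-1]
        run += b"=" * (-len(run) % 4)    # restore padding
        try:
            data = base64.b64decode(run, validate=True)
        except ValueError:
            continue
        if len(data) < 44 or not DEX_MAGIC.match(data):
            continue
        checksum, = struct.unpack_from("<I", data, 8)
        file_size, header_size, endian = struct.unpack_from("<III", data, 32)
        complete = file_size == len(data)
        findings.append({
            "offset": m.start(),
            "version": data[4:7].decode("ascii"),
            "declared_size": file_size,
            "header_ok": header_size == 0x70 and endian == 0x12345678,
            "complete": complete,   # False suggests a split or truncated payload
            "checksum_ok": complete and zlib.adler32(data[12:]) == checksum,
        })
    return findings

def constructed_sample() -> bytes:
    """Constructed input: a 112-byte header-only DEX stub plus a benign string."""
    body = bytes(20) + struct.pack("<III", 0x70, 0x70, 0x12345678) + bytes(68)
    dex = b"dex\n035\x00" + struct.pack("<I", zlib.adler32(body)) + body
    benign = b"\x89PNG\r\n\x1a\n" + bytes(56)
    return (b'<string name="cfg">' + base64.b64encode(dex) + b"</string>\n"
            b'<string name="img">' + base64.b64encode(benign) + b"</string>\n")

if __name__ == "__main__":
    for hit in find_embedded_dex(constructed_sample()):
        print(hit)
```

A hit where `complete` is false is still worth a look, since the payload may be spread across several strings and reassembled at runtime.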
Joker, like Vanilla Ice, is back with a brand new edition, and it’s definitely not what anyone needs to deal with right now. There’s no real way to prevent this malware from infecting your Android, save for the most important defence you have against apps like these: common sense. The kind of apps that try to sucker you into installing this crap on your smartphone generally look pretty crappy themselves:
In case it’s not obvious, using the screenshot above, let’s walk through some basic warning signs that can help you avoid malware apps, based on how they appear in the app store:
- It has no real purpose: There is no need to download a flower-themed wallpaper app for your Android. Just download your own favourite images of flowers and make them your wallpapers.
- It fits a pattern: The app developer’s other apps all sound like scammy copies of one another, too.
- The reviews are bad: For example, the app above has a low, 2.5-star rating across not-so-many reviews. (I can only imagine what they said; there’s no way to check now, as Google has removed the app from the Play Store.)
- The screenshots are generic: Honestly, I’d expect bland screenshots for an app like this, so that’s not a red flag in itself, but something to keep in mind.
- The description is off: Read that description. It doesn’t make much sense, does it? Also, your Android phone doesn’t even have a 4K display.
Simple, right? Perhaps for you, but less tech-savvy individuals could easily get duped into installing apps like these. As Ars Technica notes, the 11 Joker-infected apps highlighted by Check Point were downloaded approximately 500,000 times in total. That’s not a huge amount compared to the millions of downloads that other malware-laden apps can receive, but it’s still not great.
Speaking of, if any of the apps on this list sound like something you currently have on your Android, you might want to uninstall them and check the payment methods you associate with your Android smartphone for any unexpected purchases: