Avoid Joker Android Apps That Sign You up for Fraudulent Subscriptions

Fraudulent Android apps? You don't say. A relatively entrenched piece of malware known as “The Joker” – insert your favorite Heath Ledger meme here – has infiltrated yet another handful of Android apps. And the most interesting thing about it is that this Joker loves to sign you up for subscriptions that you do not need.

As the security firm Check Point describes:

“Joker, one of the most well-known types of Android malware, continues to infiltrate the official Google application market with small changes to its code, allowing it to break through security and verification barriers in the Play store. This time, however, the attacker behind the Joker took an old technique from the usual PC threat landscape and applied it to the mobile world to evade detection by Google.

To enable users of the application to subscribe to premium services without their knowledge or consent, Joker used two main components – a notification listening service, which is part of the original application, and a dynamic dex file downloaded from the C&C server to perform the registration of the user to the services.

In an effort to minimize the Joker’s fingerprint, the performer hid the dynamically loaded dex file from sight, but guaranteed its downloadability – a technique well known to Windows PC malware developers. This new variant now hides the malicious dex file inside the application as Base64-encoded strings, ready to be decoded and loaded.”
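A defender-side check for the hiding technique Check Point describes, as an added example that is not from the original article or from Check Point: it scans strings pulled from an app for Base64 runs that decode to a DEX header. The function names, the sample strings and the assumption that the blob sits unsplit in a single string are ours.

```python
import base64
import binascii
import re

# A DEX file starts with b"dex\n", three version digits and a NUL (e.g. b"dex\n035\x00").
DEX_MAGIC = re.compile(rb"dex\n\d{3}\x00")
# Base64 of b"dex\n" plus the high bits of the first version digit is always
# "ZGV4Cj", so a Base64-encoded DEX blob begins with that prefix.
B64_DEX = re.compile(r"ZGV4Cj[A-Za-z0-9+/]{6,}={0,2}")


def find_embedded_dex(strings):
    """Return (string_index, offset, decoded_size) for each Base64 run that
    decodes to a DEX header. `strings` is any iterable of text extracted from
    an app (resource values, string constants); extraction is up to the caller.
    """
    hits = []
    for idx, text in enumerate(strings):
        for m in B64_DEX.finditer(text):
            body = m.group(0).rstrip("=")
            # A length of 4n+1 cannot be valid Base64: drop the dangling character.
            body = body[: len(body) - (len(body) % 4 == 1)]
            try:
                raw = base64.b64decode(body + "=" * (-len(body) % 4))
            except binascii.Error:
                continue
            # The prefix only proves "dex\n" + one byte; confirm the full magic.
            if DEX_MAGIC.match(raw):
                hits.append((idx, m.start(), len(raw)))
    return hits


def constructed_sample():
    """Constructed input: a fake 112-byte DEX header hidden in one of three strings."""
    fake_dex = b"dex\n035\x00" + bytes(104)
    return [
        "app_name=Flower Wallpaper",
        "icon=" + base64.b64encode(b"\x89PNG\r\n\x1a\n" + bytes(24)).decode(),
        "cfg=" + base64.b64encode(fake_dex).decode(),
    ]


if __name__ == "__main__":
    for idx, offset, size in find_embedded_dex(constructed_sample()):
        print(f"string {idx}: Base64 DEX at offset {offset}, {size} bytes decoded")
```

A blob split across several strings or wrapped in a second encoding layer will not match; treat a hit as a reason to inspect the app, not as a verdict.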

I think this is important to know, as earlier this year Google drew attention to its efforts to block apps that include the Joker – or Bread, as it is also called – from appearing on the Google Play Store. As representatives noted:

  • “Google Play Protect discovered and removed 1,700 unique Bread apps from the Play Store before they were downloaded by users.
  • Bread apps originally used SMS fraud, but largely abandoned it for WAP billing after the introduction of new Google Play policies restricting the use of the SEND_SMS permission and increasing Google Play Protect coverage.”

The Joker, like Vanilla Ice, is back with a brand new edition and it’s definitely not something anyone needs to deal with right now. There is no real way to prevent this malware from infecting your Android, other than the most important defense you have against such apps: common sense. Apps that try to get you to install this crap on your smartphone usually look pretty crappy:

If it’s not obvious using the above screenshot, let’s take a look at some basic warning signs that can help you avoid malicious apps, depending on how they appear in the app store:

  • It has no real purpose: no need to download a floral wallpaper app for Android. Just upload your favorite flower images and make them your wallpaper.
  • It fits a pattern: all of the app developer’s other apps also appear to be fraudulent copies of each other.
  • Reviews are bad: for example, the app above has a low 2.5-star rating across few reviews. (I can only imagine what they said; there is no way to check right now because Google has removed the app from the Play Store.)
  • Screenshots are generic: to be honest, I would expect generic screenshots for an app like this, so it’s not a red flag in itself, but something to keep in mind.
  • The description is off: please read this description. That doesn’t make much sense, does it? Plus, your Android phone doesn’t even have a 4K display.

It’s simple, right? Perhaps for you, but less tech-savvy people can easily be tricked into installing apps like this one. As noted by Ars Technica, 11 Joker-infected applications flagged by Check Point have been downloaded a total of approximately 500,000 times. This is not a huge amount compared to the millions of downloads that other malware-laden applications can receive, but it is still not great.

By the way, if any of the apps on this list match something you currently have on your Android, you can uninstall them and check the payment methods you associate with your Android smartphone for unexpected purchases:

  • com.imagecompress.android
  • com.contact.withme.texts
  • com.hmvoice.friendsms
  • com.relax.relaxation.androidsms
  • com.cheery.message.sendsms
  • com.peason.lovinglovemessage
  • com.file.recovefiles
  • com.LPlocker.lockapps
  • com.remindme.alram
  • com.training.memorygame
