The ‘Joker’ virus hides in various Google Play Store apps, and users are unaware of it until their bank accounts are depleted. Examine how this malware works and which applications are harmful.
The Belgian Police have issued a warning about the return of the ‘Joker’ virus, which infects Android devices and hides itself in numerous Google Play Store applications. This malware is capable of subscribing users to payment systems without their knowledge and draining their bank accounts without their knowledge.
“This dangerous virus has been found in eight Play Store applications that Google has muted,” claim Belgian officials in a statement posted on their website on Friday.
The ‘Joker’ malware made headlines in 2017 for infecting and stealing its victims while concealing in several programs. Since then, Google Play Store defensive systems have deleted around 1,700 apps containing the ‘Joker’ malware before they were downloaded by users.
The ‘Joker’ virus was discovered in 24 Android applications in September 2020, with over 500 thousand downloads before being deactivated. It is estimated that more than 30 countries were affected at the time, including the United States, Brazil, and Spain. Hackers might take up to $ 7 (approximately 140 Mexican pesos) per subscription weekly through illicit memberships, a figure that has most certainly escalated in recent months.
How does the Joker virus operate in Android applications?
The ‘Joker’ Trojan infection is part of the Bread malware family, whose goal is to hack cell phone bills and allow operations without the user’s knowledge.
According to researchers from the cybersecurity firm Quick Heal Security Lab, who were referenced in the statement, this malware can enter text messages, contacts, and other information on the infected smartphone.
What makes this malware particularly harmful is its capacity to enroll the infected Android user to paid services, usually the Premium or most expensive version, without their prior authorization.
Initially, apps infected with ‘Joker’ or another Malware from this family committed SMS fraud, but soon began to target online payments. These two strategies make use of telephone operators’ interaction with suppliers to permit service payment via mobile bill. Both require device verification but not human verification, allowing them to automate payments without requiring any user participation.
“You run the danger of a major surprise at the end of the month in your bank account or on your credit card,” the Belgian police stated, alluding to the unknown costs that the victim will face at the end of the month.
In fact, it is common for those affected by ‘Joker’ to be unaware of the theft unless they thoroughly study their account statement. This is because the bank does not suspect an apparently ‘regular’ subscription and, in general, the charges are so little that they are not noticed as odd movements, therefore the account holder is not even sent an use alert.
Which Android apps can be potentially infected with the ‘Joker virus’?
On this instance, the malicious applications that the Google Play Store removed after discovering that they carried the ‘Joker’ virus are as follows:
Fast Magic SMS
Fast Magic SMS
Messages on the Go
Message of the Year
However, some experts warn that more apps are vulnerable, resulting in millions of users who are unaware that they are already victims of this cyber crime.
According to La Razón, the cybersecurity firm Zscaler has made public the identities of 16 other apps that, according to its investigation, also include this dangerous code:
- Direct Messenger
- One Sentence Translator – Multifunctional Translator
- Mint Leaf Message-Your Private Message
- Unique Keyboard – Fancy Fonts & Free Emoticons
- Tangram App Lock
- Desire Translate
- Meticulous Scanner
- All Good PDF Scanner
- Care Message
- Part Message
- Blue Scanner
- Private SMS
- Hummingbird PDF Converter – Photo to PDF
- Style Photo Collage
- Talent Photo Editor – Blur focus
- Paper Doc Scanner
Of course, the advise for Android users is to verify if they have any of these apps installed on their smartphone and delete them immediately, because removal from the Google Play Store does not mean instant removal from PCs where they were downloaded.