THERE'S ALWAYS A JOKER IN THE PACK, or in this case, the Play Store, as malware dubbed 'Joker' has managed to get its way onto the Android storefront by lurking behind 24 apps.
Security researcher Aleksejs Kuprins discovered the malware, which takes the form of a premium subscription bot and is designed to make money by effectively simulating clicks.
That's a fairly common way for malware to make money. But what's more disturbing is Joker can sign up to premium services by effectively clicking on premium sign-up options on websites and then sucking up a confirmation code from an infected device's SMS messages. All this is done surreptitiously in the background of an infected device.
"For example, in Denmark, Joker can silently sign the victim up for a 50 DKK/week service (roughly ~6,71 EUR). This strategy works by automating the necessary interaction with the premium offer's webpage, entering the operator's offer code, then waiting for an SMS message with a confirmation code and extracting it using regular expressions," explained Kuprins.
"Finally, the Joker submits the extracted code to the offer's webpage, in order to authorise the premium subscription."
From the 24 apps harbouring the Joker, Kuprins noted that they'd been downloaded and installed more than 472,000 times, which would make for a pretty significant victim list. Google has since taken down those apps, so that's something at least.
Kuprins also said the malware has the scope to target 37 countries including good ole' Blighty and other EU nations.
"The Joker malware only attacks targeted countries. Most of the infected apps contain a list of Mobile Country Codes (MCC) and the victim has to be using a SIM card from one of these countries in order to receive the second stage payload," the researcher said.
"The majority of the discovered apps target the EU and Asian countries, however, some apps allow for any country to join. Furthermore, most of the discovered apps have an additional check, which will make sure that the payload won't execute when running within the US or Canada."
If you're concerned about having fallen victim to Joker, then we suggest you check your bank statements for any dodgy and unusual transactions.
The situation yet again highlights that there's more effort Google needs to do to ensure its Play Store keeps malware-loaded apps at bay, though with an open ecosystem that's easier said than done. µ
But it might never see the light of a PC bay
It's nothing we haven't seen before, but it's still the best iPhone yet
Firm gives scanner flaw the finger
Ermine is the same but stoat-ally different