Joker: In 2019, Kaspersky tipped us off about the CamScanner app, a PDF file creator that was a download hit with users and had been contaminated with a Trojan. In mid-March, more than 200 applications infected with malicious code dubbed "SimBad" were detected in the official Google Play store, affecting 150 million users. As soon as May started, we had another case of apps with malware that had bypassed Google's security mechanisms.
In July of that year we saw 7 apps that Google Play removed from its store because they were dedicated to spying on whoever had them installed on their smartphone, without the user knowing it. Today we find a new piece of malware that, with such a name, could not be anything else: THE JOKER.
New Joker malware
Named after one of the most iconic comic book villains and an authentic icon of popular culture (and currently in fashion thanks to the film of the same name that is sweeping awards), the Joker is malware that has managed to sneak into many applications in the Google Play store for Android. The malware acts in 2 phases, and its danger is not only that it steals your data, but that it also steals money in real time. This is how it works:
Device infection using malware to integrate into the system
Identification of the country in which the terminal is located
Command-and-control (C&C) communication with the attackers kept to a minimum, just enough to receive the encrypted configuration
Decrypting the DEX file (an executable file in a format that contains compiled code written for Android) and loading it
Theft of SMS messages and of data about the person who sent each message
Theft of the contact list and device data
Interaction with advertising websites to make money through the infected phone
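
For triage, several of the stages listed above leave static traces in an app that can be checked before it is installed. The following is an added example, not part of the original article and not derived from Joker samples: the permission and class names are standard Android identifiers, while the mapping to behaviours, the sample manifest, the package name and the string list are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Behaviours from the list above mapped to generic Android indicators.
# These are standard platform names, not Joker-specific signatures (assumption).
PERMISSION_HINTS = {
    "android.permission.READ_SMS": "SMS access",
    "android.permission.RECEIVE_SMS": "SMS access",
    "android.permission.READ_CONTACTS": "contact list access",
    "android.permission.READ_PHONE_STATE": "device data access",
}
API_HINTS = {
    "Ldalvik/system/DexClassLoader;": "dynamic DEX loading",
    "Ldalvik/system/InMemoryDexClassLoader;": "dynamic DEX loading",
    "getSimCountryIso": "country identification",
    "getNetworkCountryIso": "country identification",
}

def triage(manifest_xml, dex_strings):
    """Return {behaviour: sorted evidence} for a decoded manifest and DEX strings."""
    findings = {}
    root = ET.fromstring(manifest_xml)
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name", "")
        if name in PERMISSION_HINTS:
            findings.setdefault(PERMISSION_HINTS[name], set()).add(name)
    for s in dex_strings:
        for needle, behaviour in API_HINTS.items():
            if needle in s:
                findings.setdefault(behaviour, set()).add(needle)
    return {k: sorted(v) for k, v in findings.items()}

def needs_review(findings):
    """Flag apps that combine runtime code loading with SMS or contact access."""
    data_access = {"SMS access", "contact list access"} & findings.keys()
    return "dynamic DEX loading" in findings and bool(data_access)

# Constructed sample input: a decoded manifest and strings pulled from classes.dex.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""
SAMPLE_DEX_STRINGS = ["Ldalvik/system/DexClassLoader;", "getSimCountryIso", "Landroid/app/Activity;"]

if __name__ == "__main__":
    result = triage(SAMPLE_MANIFEST, SAMPLE_DEX_STRINGS)
    print(result)
    print("needs review:", needs_review(result))
```

A hit is a reason to look closer, not a verdict: many legitimate apps request these permissions or load code at runtime, so the combination matters more than any single indicator.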