• Services
    • [Tabs]
      • Application Security
        • [Column]
          • SERVICES
          • Web Application Penetration Testing
          • Mobile Application Pentesting
          • Web Services & API Assessment
          • Secure Code Review
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
      • Network Security
        • [Column]
          • SERVICES
          • Network Vulnerability Assessment and Penetration Testing
          • VoIP Vulnerability Assessment & Penetration Testing
          • Wireless Penetration Testing
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
      • Cloud Security
        • [Column]
          • SERVICES
          • Cloud Auditing & Hardening for AWS
          • Cloud Auditing & Hardening for Azure
          • Cloud Auditing & Hardening for GCP
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
      • Threat Simulation
        • [Column]
          • SERVICES
          • Red Team Assessment
          • Red Team VS Blue Team
          • Social Engineering Assessment
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
      • Container Security
        • [Column]
          • SERVICES
          • Docker CIS Benchmark Hardening
          • Container Vulnerability Assessment
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
      • CERT-In Audit Services
        • [Column]
          • SERVICES
          • RBI Cyber Security Framework for Banks
          • SEBI Cyber Security & Cyber Resilience Framework
          • System Audit Report – Data Localisation
          • View all Audit Services

        • [Column]
          • RESOURCES
          • [Dynamic Posts]
  • Solutions
    • [Column]
      • SOLUTIONS
      • Managed Security
      • DevSecOps
      • Strategic Security Solutions
    • [Column]
      • RESOURCE
      • [Dynamic Posts]
  • CERT-InNew
  • Resources
    • Blog
    • Datasheets
    • Case Studies
    • Whitepapers
    • Podcasts
  • Company
    • [Tabs]
      • About
        • [Column]
          • Journey Timeline
          • timeline-image
        • [Column]
          • Mission,Vision, Values
          • mission-vision-image
      • Media
        • [Column]
          • Media title
        • [Column]
          • Media Image
      • Partners
        • [Column]
          • Partners title
        • [Column]
          • Partners Image
      • Careers
        • [Column]
          • Careers title
        • [Column]
          • Careers Image
  • Company
    • About us
    • Partners
    • Careers
WeSecureApp Logo (2)
Menu
  • Services
      • Application Security
          • SERVICES
          • application securityWeb Application Penetration Testing
          • Mobile Application Penetration TestMobile Application Pentesting
          • Web Services & API AssessmentWeb Services & API Assessment
          • application security - secure code reviewSecure Code Review
          • RESOURCES
          • cybersecurity for small businessesWhy is Cybersecurity Essential for Small Businesses?
      • Network Security
          • SERVICES
          • network-1Network Vulnerability Assessment and Penetration Testing
          • telephone (1)VoIP Vulnerability Assessment & Penetration Testing
          • wireless_modem (1)Wireless Penetration Testing
          • RESOURCES
          • Web-1920-–-1-1 What is Pentesting?
      • Cloud Security
          • SERVICES
          • AWS-2Cloud Auditing & Hardening for AWS
          • Union-5Cloud Auditing & Hardening for Azure
          • AwsCloud Auditing & Hardening for GCP
          • RESOURCES
          • Cloud Security Threats Cloud Security Threats
      • Threat Simulation
          • SERVICES
          • global-securityRed Team Assessment
          • firewall-1Red Team VS Blue Team
          • insights-1Social Engineering Assessment
          • RESOURCES
          • Hire a Red Team7+ Major Reasons to Hire a Red Team to Harden Your App Sec
      • Container Security
          • SERVICES
          • dockerDocker CIS Benchmark Hardening
          • constructContainer Vulnerability Assessment
          • RESOURCES
          • selecting-penetrationtesting How to Choose a Penetration Testing Vendor Wisely?
      • CERT-In Audit Services
          • SERVICES
          • RBI-cybersecurity-for-banks 1RBI Cyber Security Framework for Banks
          • sebi-iconSEBI Cyber Security & Cyber Resilience Framework
          • sar-iconSystem Audit Report – Data Localisation
          • View all Audit Services

          • RESOURCES
          • penetration testing guideThe Penetration Testing Guide for Compliance and Audits
  • Solutions
      • SOLUTIONS
      • secure–data (1) (1)Managed Security
      • devsecops-logoDevSecOps
      • SSS-logoStrategic Security Solutions
      • RESOURCE
      • worst passwordsWorld’s Worst Passwords: Is it time to change yours?
  • CERT-InNew
  • Resources
    • Blog
    • Datasheets
    • Case Studies
    • Whitepapers
    • Podcasts
  • Company
    • About us
    • Partners
    • Careers
Contact

Schedule a Meeting
  • Services
    • Application Security
      • Web Application Penetration Testing
      • Mobile Application Pentesting
      • Web Services & API Assessment
      • Secure Code Review
    • Network Security
      • Network Vulnerability Assessment and Penetration Testing
      • VoIP Vulnerability Assessment & Penetration Testing
      • Wireless Penetration Testing
    • Cloud Security
      • Cloud Auditing & Hardening for AWS
      • Cloud Auditing & Hardening for Azure
      • Cloud Auditing & Hardening for GCP
    • Threat Simulation
      • Red Team Assessment
      • Red Vs Blue Team
      • Social Engineering
    • Container Security
      • Docker CIS Benchmark Hardening
      • Container Vulnerability Assessment
    • CERT-In Audit
      • RBI Cyber Security Framework For Banks
      • SEBI Cyber Security & Cyber Resilience Framework
      • SAR Audit
      • View All Audit Services
  • Solutions
    • Managed Security
    • Devsecops
    • Strategic Security Solutions
  • CERT-InNew
  • Resources
    • Blog
    • Datasheets
    • Case studies
    • White Papers
    • Podcasts
  • Company
    • About us
    • Partners
    • Careers
  • Contact
Menu
  • Services
    • Application Security
      • Web Application Penetration Testing
      • Mobile Application Pentesting
      • Web Services & API Assessment
      • Secure Code Review
    • Network Security
      • Network Vulnerability Assessment and Penetration Testing
      • VoIP Vulnerability Assessment & Penetration Testing
      • Wireless Penetration Testing
    • Cloud Security
      • Cloud Auditing & Hardening for AWS
      • Cloud Auditing & Hardening for Azure
      • Cloud Auditing & Hardening for GCP
    • Threat Simulation
      • Red Team Assessment
      • Red Vs Blue Team
      • Social Engineering
    • Container Security
      • Docker CIS Benchmark Hardening
      • Container Vulnerability Assessment
    • CERT-In Audit
      • RBI Cyber Security Framework For Banks
      • SEBI Cyber Security & Cyber Resilience Framework
      • SAR Audit
      • View All Audit Services
  • Solutions
    • Managed Security
    • Devsecops
    • Strategic Security Solutions
  • CERT-InNew
  • Resources
    • Blog
    • Datasheets
    • Case studies
    • White Papers
    • Podcasts
  • Company
    • About us
    • Partners
    • Careers
  • Contact
WeSecureApp Logo (2)
Menu
  • Services
      • Application Security
          • SERVICES
          • application securityWeb Application Penetration Testing
          • Mobile Application Penetration TestMobile Application Pentesting
          • Web Services & API AssessmentWeb Services & API Assessment
          • application security - secure code reviewSecure Code Review
          • RESOURCES
          • cybersecurity for small businessesWhy is Cybersecurity Essential for Small Businesses?
      • Network Security
          • SERVICES
          • network-1Network Vulnerability Assessment and Penetration Testing
          • telephone (1)VoIP Vulnerability Assessment & Penetration Testing
          • wireless_modem (1)Wireless Penetration Testing
          • RESOURCES
          • Web-1920-–-1-1 What is Pentesting?
      • Cloud Security
          • SERVICES
          • AWS-2Cloud Auditing & Hardening for AWS
          • Union-5Cloud Auditing & Hardening for Azure
          • AwsCloud Auditing & Hardening for GCP
          • RESOURCES
          • Cloud Security Threats Cloud Security Threats
      • Threat Simulation
          • SERVICES
          • global-securityRed Team Assessment
          • firewall-1Red Team VS Blue Team
          • insights-1Social Engineering Assessment
          • RESOURCES
          • Hire a Red Team7+ Major Reasons to Hire a Red Team to Harden Your App Sec
      • Container Security
          • SERVICES
          • dockerDocker CIS Benchmark Hardening
          • constructContainer Vulnerability Assessment
          • RESOURCES
          • selecting-penetrationtesting How to Choose a Penetration Testing Vendor Wisely?
      • CERT-In Audit Services
          • SERVICES
          • RBI-cybersecurity-for-banks 1RBI Cyber Security Framework for Banks
          • sebi-iconSEBI Cyber Security & Cyber Resilience Framework
          • sar-iconSystem Audit Report – Data Localisation
          • View all Audit Services

          • RESOURCES
          • penetration testing guideThe Penetration Testing Guide for Compliance and Audits
  • Solutions
      • SOLUTIONS
      • secure–data (1) (1)Managed Security
      • devsecops-logoDevSecOps
      • SSS-logoStrategic Security Solutions
      • RESOURCE
      • worst passwordsWorld’s Worst Passwords: Is it time to change yours?
  • CERT-InNew
  • Resources
    • Blog
    • Datasheets
    • Case Studies
    • Whitepapers
    • Podcasts
  • Company
    • About us
    • Partners
    • Careers
Contact
Schedule a Meeting
  • Services
    • Application Security
      • Web Application Penetration Testing
      • Mobile Application Pentesting
      • Web Services & API Assessment
      • Secure Code Review
    • Network Security
      • Network Vulnerability Assessment and Penetration Testing
      • VoIP Vulnerability Assessment & Penetration Testing
      • Wireless Penetration Testing
    • Cloud Security
      • Cloud Auditing & Hardening for AWS
      • Cloud Auditing & Hardening for Azure
      • Cloud Auditing & Hardening for GCP
    • Threat Simulation
      • Red Team Assessment
      • Red Vs Blue Team
      • Social Engineering
    • Container Security
      • Docker CIS Benchmark Hardening
      • Container Vulnerability Assessment
    • CERT-In Audit
      • RBI Cyber Security Framework For Banks
      • SEBI Cyber Security & Cyber Resilience Framework
      • SAR Audit
      • View All Audit Services
  • Solutions
    • Managed Security
    • Devsecops
    • Strategic Security Solutions
  • CERT-InNew
  • Resources
    • Blog
    • Datasheets
    • Case studies
    • White Papers
    • Podcasts
  • Company
    • About us
    • Partners
    • Careers
  • Contact
Menu
  • Services
    • Application Security
      • Web Application Penetration Testing
      • Mobile Application Pentesting
      • Web Services & API Assessment
      • Secure Code Review
    • Network Security
      • Network Vulnerability Assessment and Penetration Testing
      • VoIP Vulnerability Assessment & Penetration Testing
      • Wireless Penetration Testing
    • Cloud Security
      • Cloud Auditing & Hardening for AWS
      • Cloud Auditing & Hardening for Azure
      • Cloud Auditing & Hardening for GCP
    • Threat Simulation
      • Red Team Assessment
      • Red Vs Blue Team
      • Social Engineering
    • Container Security
      • Docker CIS Benchmark Hardening
      • Container Vulnerability Assessment
    • CERT-In Audit
      • RBI Cyber Security Framework For Banks
      • SEBI Cyber Security & Cyber Resilience Framework
      • SAR Audit
      • View All Audit Services
  • Solutions
    • Managed Security
    • Devsecops
    • Strategic Security Solutions
  • CERT-InNew
  • Resources
    • Blog
    • Datasheets
    • Case studies
    • White Papers
    • Podcasts
  • Company
    • About us
    • Partners
    • Careers
  • Contact
Awareness  ·  Data Privacy  ·  Malware

The Return of Joker Malware into Google Play Store

By Geetha R  Published On June 23, 2021

Joker – In cards, it makes you win.. In hosts, it makes you lose

Joker has always been a card in demand, which matches with every other color of the card and makes you Win. This card has got the power to fit himself at any missing card and turn the winning table in your favor. But if it comes as malware in your host/endpoint/mobile devices, then this will make you lose. 

Joker is a Trojan malware that is popular to steal your Device Information, SMS, Contact data, and Money also. It comes with infected applications on the Google Play Store (these apps are removed from the play store as of now) and subscribes you for paid services without your consent and it even authenticates the payments by reading OTP from your messages.

How does Joker Malware work

Once you have a malicious application installed on your phone, the Joker malware promptly starts snooping into your contacts, messages, and device information, it steals them and sends them to scammers & fraudsters. Later it starts reading notifications at the backend, without even bringing it to your notice, subscribes the victim to premium service without even knowledge of the user. 

So, let us take an example of how this Malware works

  1. When the installation is complete it will ask for permission to access your Contact List, SMS, and Notification (Notification is usually used to read your OTP and PIN’s). After receiving permission it will act as a general application for the purpose you have installed it. joker malware
  2. At Background the application starts snooping your device data, and It downloads supporting Payloads, which support the application to hack your device. These payloads are what we call Joker malware.
  3. These payloads hack your SMS data i.e OTP for a transaction, card data from applications for payments to subscribe premium services and they flush the money out of your account.
  4. Sometimes they also check for the SIM service provider and subscribe to premium service accordingly.
flow

Source : https://arstechnica.com/information-technology/2020/09/joker-the-malware-that-signs-you-up-for-pricey-services-floods-android-markets/

Here are the eight apps that were recently spotted. If you are a smartphone user, you should immediately check your phone to identify if you have any of the infected apps installed:

  1. Auxiliary Message
  2. Fast Magic SMS
  3. Free CamScanner
  4. Super Message
  5. Element Scanner
  6. Go Messages
  7. Travel Wallpapers
  8. Super SMS

If you are using any of these apps, you are at high risk of being defrauded – you must uninstall it immediately.

How to be safe from Joker Malware?

The Joker has been coded and embedded in the apps with so much expertise that it is extremely difficult for Google to catch it, So this is the reason these dangerous apps have been uploaded to the Play Store without even a second thought. The Google security team has identified and removed these apps as quickly as they have discovered, but there are some gestures you can perform to protect yourself from such apps.

  • Firstly, always have a reputed organization’s antimalware/antivirus installed on your smartphone and make sure you regularly scan your device for infections.
  • Secondly, be vigilant while installing any app on your smartphone, whenever you install anything on your device pay closer attention to what the application exactly does on your phone. This can be done when you launch an app for the first time post-installation, your OS Android, Apple, etc will alert you to what the app is trying to do. The app may request access to your camera, address book, SMS messages, etc.

As and when you see such dialogue or notifications pop up on your screen asking yourself – “Does this application really require access to your SMS or Contact list?” The application may claim that access to SMS is required to share your photos for instance – but in this case, you can always save photos to the built-in Google Photos app or Gallery and send from there.

And why do you need a “special” messaging app? other than your built-in Messages application. SMS, WhatsApp, Facebook Messenger, Telegram are safe and pretty popular – and they are not contaminated with malware too.

Always spare a few seconds to read alerts and Messages while installing apps as they often reveal something fishy – and unwanted – may be happening. If you are in a dilemma, or you have any doubts at all, simply deny the request and delete the app entirely.

Joker is an ultimately smart malware that has affected lots of victims. However, by following the tips mentioned above, there are chances that you can be safe from JOKER.

How can organizations defend themselves from such malware?

To protect themselves against malware like Joker, organizations need to create comprehensive vulnerability management programs and keep all the mobile devices up to date. Also, security teams should educate the rest of the workforce by conducting security awareness programs. 

WeSecureApp acts as the first line of defense for organizations

Going forward, organizations should consider using advanced security solutions that ensure the mobile application is released faster without compromising security. If you are looking for mobile application security, you should consider getting in touch with the WeSecureApp team as they utilize thorough manual penetration testing approaches that ensure manual testing of every aspect from the perspective of a real-time attacker. 

Get in touch – security@wesecureapp.com

 


jokerjoker malware

Leave A Reply Cancel reply

Your email address will not be published. Required fields are marked *

*

*

banking trojan
Bizarro: A Banking Trojan Stealing Information
Previous Article
weakest link in security
Cybersecurity - Humans Are The Weakest Link! Are They Really?
Next Article

Industries

BFSI

Healthcare

Government

Retail & eCommerce

Information Technology

Telecommunications

SERVICES

Application Security

Network Security

Cloud Security

Container Security

Threat Simulation

Compliance & Auditing

SOLUTIONS

DevSecOps

Managed Security

Cloud Snoop

Strategic Security Solutions

resources

Blog

Datasheets

Case studies

Podcasts

company

About

Partners

Careers

CERT-InNew

White papers

Contact

Privacy Policy

TRUST WE GAINED

trustpilot_review
GoodFirms Badge
clutch_review

© 2022 WeSecureApp. All rights reserved.

logo--facebook logo--instagram logo--linkedin logo--twitter

Get CERT-In Audit

By failing to prepare, you are preparing to fail

Homepage: By failing to prepare, you are preparing to fail
Enter the Captcha

Take a peek into sample report

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Subscribe to Our Podcasts

Blog Write For Us

By failing to prepare, you are preparing to fail

Take a peek into sample report

Get Started!

Get-started-WebServices-API
Enter the Captcha

Get Started!

Get Started!

Get Started!

Get Started!

Get Started!

Get Started!

Get Started!

Get Started!

Get Started!

Get Started!

Get Started!

Get Started!

navy_bubble.png
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok