Check Point researchers have uncovered 11 dangerous apps that hide the Joker virus, capable of stealing money and user data
Joker is hard to kill: it has been one of the most widespread malware families on Android smartphones since it first appeared in 2017. Since then, this virus has kept changing, finding new ways to evade Play Store protections. And it has succeeded, as Check Point Technologies has found it inside 11 more apps.
Joker is a virus capable of doing many dangerous things. First of all, it is spyware: it steals personal information, reads messages and accesses the contacts in the address book, and it can also send SMS messages without the user noticing. Google has justified its difficulties in preventing the publication of Joker-infected apps by stating that this virus "uses virtually every known cloaking technique to hide itself in an attempt to go unnoticed."
Android Manifest: where the virus hides
All apps, even clean and legitimate ones, have a file called "Android Manifest" in which they have to provide the Play Store with precise information about the app itself: name, icon, required permissions, purpose of the app. Joker exploits this file: Check Point researchers found the malware code inside it. Joker's strategy, therefore, is not based on connecting to an external server to download the dangerous code, but on inserting the code directly into the Android Manifest and waiting several days after the app is installed before starting its activities.
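A check an analyst could run on a decoded manifest to spot code embedded this way, as an added example that is not Check Point's or Google's tooling. It assumes the manifest has already been decoded to text XML (for example with apktool) and that the hidden code sits in an attribute value as a long Base64 string; the function name and the sample manifest are constructed for illustration.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
DEX_MAGIC = b"dex\n"  # first bytes of every Dalvik executable


def find_embedded_blobs(manifest_xml, min_len=64):
    """Return (tag, attribute, decoded_size, is_dex) for every attribute value
    in a decoded manifest that is a long, valid Base64 string."""
    findings = []
    for elem in ET.fromstring(manifest_xml).iter():
        for attr, value in elem.attrib.items():
            value = value.strip()
            # Normal manifest values (names, labels, keys) are short or
            # contain characters outside the Base64 alphabet.
            if len(value) < min_len or len(value) % 4 or not B64_RE.match(value):
                continue
            try:
                raw = base64.b64decode(value, validate=True)
            except (binascii.Error, ValueError):
                continue
            findings.append((elem.tag, attr.replace(ANDROID_NS, "android:"),
                             len(raw), raw.startswith(DEX_MAGIC)))
    return findings


# Constructed sample: a harmless placeholder (DEX magic followed by zero
# bytes), not taken from any real app.
_FAKE_PAYLOAD = base64.b64encode(b"dex\n035\x00" + bytes(64)).decode()
SAMPLE_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <application android:label="Sample">
    <meta-data android:name="com.example.API_KEY" android:value="abc123"/>
    <meta-data android:name="cfg" android:value="{_FAKE_PAYLOAD}"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for tag, attr, size, is_dex in find_embedded_blobs(SAMPLE_MANIFEST):
        print(f"<{tag}> {attr}: {size} decoded bytes, DEX header: {is_dex}")
```

A hit is a reason to look closer, not a verdict: long Base64 values can be legitimate, and the DEX-header flag is the stronger signal.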
What the Joker virus does
As mentioned, Joker is a virus that belongs to the spyware family and was created with the task of stealing personal data from users and spying on everything they do with their smartphones. A sneaky and very dangerous virus, but one that has now evolved. In the latest version uncovered by Check Point's researchers, it is also capable of activating premium subscriptions to services and apps on its own, all without the user being able to do anything.
11 apps infected by Joker: which ones they are
The apps discovered by Check Point Technologies are 11 in total and have all been reported to Google, which removed them from the Play Store in April. Among them are apps for compressing images, messaging and communication apps, relaxation massage apps, apps for recovering deleted files, app lockers, reminder and alarm apps, and memory-training games.
Some of these apps are still available on stores other than Google's Play Store, and some are back on the Play Store itself. That does not necessarily mean, however, that these apps are still infected (the infected ones have been removed). Here is the list:
- com.imagecompress.android
- com.contact.withme.texts
- com.hmvoice.friendsms
- com.relax.relaxation.androidsms
- com.cheery.message.sendsms
- com.cheery.message.sendsms
- com.peason.lovinglovemessage
- com.file.recovefiles
- com.LPlocker.lockapps
- com.remindme.alram
- com.training.memorygame
How to defend yourself against Joker
Check Point researchers also provide some useful advice on how to defend yourself against Joker. First, delete any of the 11 dangerous apps you may have installed; then check your credit card statement for payments for apps you don't even recognize. Finally, install an antivirus: there are many on the Play Store, including free ones.