New Android app found with Joker virus: what it is

Dangerous Joker malware is back: it was found in a new app, which should be removed from your smartphone immediately.

After a few months in the shadows, there is a new report of a Joker-infected app published on the Google Play Store. This means that Joker hasn't lost one of its most dangerous features: the ability to hide and bypass Play Store security checks.

This feature has allowed it to spread to millions of smartphones worldwide through hundreds of infected Android apps, like the one just reported by security researcher JamesWT on Twitter: Keyboard Wallpaper. It's an app that promises to install new wallpapers and a different keyboard on the Android smartphone, two seemingly harmless functions. But this is exactly how Joker spreads: by hiding in seemingly safe apps and activating only after some time. The app in question has been removed from the Play Store, but anyone who has already downloaded it should uninstall it immediately.

Why Joker Malware Is Dangerous

Joker, also called Bread, is an Android virus discovered in 2017. Since then, a great many versions have been identified, with increasingly advanced features but with behavior similar to that of the original code.

Joker is primarily "spyware", that is, a virus created to spy on the user's behavior by reading the data stored on the smartphone. Joker can access the contact list, SMS messages and, in the more advanced versions, the files on the device as well.

It can also take control of the "dialer", the software component of the smartphone that handles calls, and use it to activate paid subscriptions without the user's knowledge.

How Joker Hides

The feature that has made Joker so successful over the past three years is its ability to hide itself and pass Play Store checks unscathed.

It does this by hiding inside the AndroidManifest.xml file, a file found in all Android apps that contains the app's "manifest". That is, the developer uses it to describe to the Play Store what the app does.

Only when the app is approved and published on the Play Store does Joker go live and start infecting the user's smartphone. By then, however, it is too late: although Google can remove the app from the store, every copy already downloaded has to be removed by hand.
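As an added example (not from the original article or from any researcher it cites), the following Python sketch reviews a decoded AndroidManifest.xml and flags declared permissions that match the capabilities described above (contacts, SMS, calls, files) but that the app's advertised function does not need. The capability-to-permission mapping, the function names and the sample manifest are assumptions made for this illustration; the manifest must first be decoded from the APK's binary XML to text, for example with apktool.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities the article attributes to Joker, mapped to Android permissions
# an app would declare to use them (this mapping is the example's assumption).
CAPABILITY_PERMISSIONS = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
    "calls": {"android.permission.CALL_PHONE"},
    "files": {"android.permission.READ_EXTERNAL_STORAGE",
              "android.permission.MANAGE_EXTERNAL_STORAGE"},
}

def declared_permissions(manifest_xml):
    """Return the set of permission names declared in a text manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml, expected_capabilities=()):
    """Map each unexpected capability to the permissions that grant it."""
    perms = declared_permissions(manifest_xml)
    findings = {}
    for capability, needed in CAPABILITY_PERMISSIONS.items():
        hits = sorted(perms & needed)
        if hits and capability not in expected_capabilities:
            findings[capability] = hits
    return findings

# Constructed sample: a hypothetical wallpaper/keyboard app, not a real one.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpaperkeyboard">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
</manifest>
"""

if __name__ == "__main__":
    for capability, hits in audit(SAMPLE_MANIFEST).items():
        print(f"unexpected {capability} access: {', '.join(hits)}")
```

Findings are leads for manual review, not proof of infection, and an empty result does not clear an app, since Joker activates only after some time.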