Another day, another Android malware – This time; The Joker malware is here not to creep you out but steal from you.
While “The Joker” might be your favorite villain fighting the dark knight, a new malware that goes by the name of it may not entertain you.
It has been recently discovered by researcher Aleksejs Kuprins, that The Joker malware infected 24 apps on the Google Play Store which had over 472,000 installations.
See: New Android ransomware uses pornographic posts to infect devices
After successfully being deployed, the malware tricks and scams users by signing them up for premium subscription services all without their knowledge. It does so by using the background component and stealthily clicking on advertisements and other processes intended to reach its final goal.
Finally, since an authorization code would be required usually for confirming payments, it accesses the user’s SMS messages and copies any code needed.
However unlike most malwares, it only targets users in specific countries. This is evident as the apps infected contain mobile country codes from which the sim should belong to for it to receive the payload.
For example, in Denmark, Joker can silently sign the victim up for a 50 DKK/week service (roughly ~6,71 EUR). This strategy works by automating the necessary interaction with the premium offer’s webpage, entering the operator’s offer code, then waiting for a SMS message with a confirmation code and extracting it using regular expressions. Finally, the Joker submits the extracted code to the offer’s webpage, in order to authorize the premium subscription, wrote Kuprins in his
Support the originator by clicking the read the rest link below.
