Uninstall these eight apps with Joker malware immediately!
What's the story
The infamous Joker trojan is back to haunt Android devices. Eight applications that were known to be spreading the malware have since been removed from the Google Play Store. However, that just prevents new downloads.
If you have any of these applications installed, here's a closer look at how the Joker malware works and how you can steer clear of it.
Damage control
Which are those apps?
A recent report by Quick Heal Security Labs identified eight applications that propagated the Joker malware. They are Auxiliary Message, Fast Magic SMS, Free CamScanner, Super Message, Element Scanner, Go Messages, Travel Wallpapers, and Super SMS.
If you have any of these apps installed, we would recommend that you uninstall them immediately.
Most of the malicious apps are notably for messaging.
Silent attack
Malware subscribes to premium services, bills the victim's accounts
For the unversed, the Joker malware that has been around for approximately three years steals information about an Android device owner via SMS messages, stored contacts, and the device information page in Settings.
It uses these details to subscribe to premium services that drain the victim's bank account.
When a victim installs an infected application, the malware is silently downloaded on their device.
Modus operandi
Malware leverages infected app's permissions, reads all SMS messages
Once installed, the infected app would ask for access to notifications in order to work. This permission is misused by the malware to read the content of incoming text messages using the OnReceive command.
Then, it misuses the infected app's access to contacts and permission to make and manage phone calls. Using this, it ascertains the country code for the victim's SIM card.
Background activities
Victim's accounts used to pay for pre-programmed premium services
Based on the victim's SIM card's country code, the Joker malware automatically initiates subscriptions to pre-programmed services in the region, all of which are paid for by the victim.
Worryingly, these malicious activities happen in the background.
One of the easiest ways to catch the malware in action is to be watchful for unfamiliar transactions that you didn't initiate.
Freeze transactions
Immediately contact bank, cybercrime helpline for help with unauthorized transactions
If you do notice some suspicious transactions, immediately contact your bank or the Central government's recently-launched Cyber Fraud Helpline number (in India) to halt the transaction.
In order to avoid getting robbed by malware like this, we suggest that you install applications only from trusted sources such as the Google Play Store. Also, steer clear of random links received via SMS messages.
Staying safe
Verify the legitimacy of applications you download, beware of clones
Importantly, always grant an app just the permissions that it needs to function properly. A flashlight app seeking access to your contacts is a red flag.
Sometimes, clones of reputed applications are also available. Be sure to check the application name and the developer before downloading. A similar malware attack this year targeted Facebook Messenger users. The malicious app names were just misspelled.
Stay alert
Ensure that you don't install applications from unknown sources
To protect you further, Android has a built-in setting that prevents the installation of apps from unknown sources. Although this setting is turned on by default, do check once again.
Lastly, avoid downloading applications from advertisements, WhatsApp messages, SMS messages, emails, and potentially suspicious sources.
When using applications with unreasonable permissions, keep an eye out for unauthorized transactions and uninstall applications targeting your finances.