Joker is one of the most prominent malware families that continually targets Android devices. Despite awareness of this particular malware, it keeps finding its way into Google’s official application market by employing changes in its code, execution methods, or payload-retrieving techniques. This spyware is designed to steal SMS messages, contact lists, and device information along with silently signing up the victim for premium wireless application protocol (WAP) services.

Our Zscaler ThreatLabZ research team has been constantly monitoring the Joker malware. Recently, we have seen regular uploads of it onto the Google Play store. Once notified by us, the Google Android Security team took prompt action to remove the suspicious apps (listed below) from the Google Play store. This prompted us to evaluate how Joker is so successful at getting around the Google Play vetting process. We identified 17 different samples regularly uploaded to Google Play in September 2020. There were a total of around 120,000 downloads for the identified malicious apps.

The following are the names of the infected apps we discovered on the Google Play store:

- Unique Keyboard - Fancy Fonts & Free Emoticons
- One Sentence Translator - Multifunctional Translator
- Hummingbird PDF Converter - Photo to PDF

(As of this writing, all of these apps have been removed from the Google Play store.)

In this blog, we will discuss the tactics used by the Joker malware author to bypass the Google Play vetting process. In some of the Joker variants, we saw the final payload delivered via a direct URL received from the command and control (C&C) server. In this variant, the infected Google Play store app has the C&C address hidden in the code itself with string obfuscation.