Google has removed dozens of malicious apps from the official Play Store that were distributing the Joker, Facestealer, and Coper malware families.

Researchers from the security firm Pradeo discovered multiple apps spreading the Joker Android malware.

The Joker malware is malicious code disguised as a system app that allows attackers to perform a broad range of malicious operations, including disabling the Google Play Protect service, installing malicious apps, generating fake reviews, and showing advertisements.


The spyware is able to steal SMS messages, contact lists, and device information, and to sign victims up for premium service subscriptions.

Researchers from Pradeo discovered 4 new malicious apps on Google Play that were infected with the Joker malware and acting as droppers. The apps have been installed by 100,000+ mobile users, according to the security firm.


ThreatLabz researchers announced that they have discovered more than 50 unique Joker downloader apps in the Play Store so far. These apps have been downloaded more than 300,000 times in total and fall into the following common categories:

  • Communication (47.1%)
  • Health
  • Personalization (5.9%)
  • Photography
  • Tools (39.2%)

“Tools and communications were among the most targeted categories, covering the majority of applications infected by Joker. ThreatLabz discovered daily uploads of applications containing the Joker malware, indicating a high level of activity and persistence of the adversary group,” reads an analysis published by Zscaler. “Consistent with previous findings, the latest ThreatLabz discoveries belonging to the Joker malware campaign continue to follow similar developer naming patterns and use known techniques.”

ThreatLabz experts also discovered malicious apps infected with the Facestealer and Coper malware on the Play Store.

The Facestealer spyware was first spotted in July 2021 by researchers at Dr. Web; the development team behind the threat changed its code frequently. The malware was designed to steal Facebook users' login credentials, passwords, and authentication tokens.

Coper is a banking trojan that targets banking applications in Europe, Australia, and South America. Threat actors distribute it through apps masquerading as legitimate apps on the Google Play Store.

“Once downloaded, this app releases the Coper malware infection, which is capable of intercepting and sending SMS text messages, making USSD (Unstructured Supplementary Service Data) requests to send messages, keylogging, locking/unlocking device screens, performing overlay attacks, and preventing uninstalls, and generally allows attackers to take control and execute commands on an infected device through a remote connection to the C2 server,” the report continues. “The result of these activities ultimately results in attackers gaining information and access that they can use to steal money from victims.”

The Facestealer and Coper dropper apps were uploaded to the Play Store as Vanilla Camera (cam.vanilla.snapp) and Unique QR Scanner (com.qrdscannerratedx).

Below are some recommendations:

  • Do not install unnecessary, untrusted, and unverified applications on your mobile device.
  • Look for apps with a very high number of installs and positive reviews.
  • Don't grant notification listener and accessibility permissions to apps you don't fully trust.
  • If possible, don't install messaging apps, or be extremely careful and take the time to research and make sure the app is well-known and reviewed.
  • If you become a victim of a malicious app from the Play Store, notify Google immediately through the support options in the Play Store app.
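As an added example (not part of the article), the following script audits which packages on an Android device currently hold the two permissions the recommendations warn about, by reading the `enabled_notification_listeners` and `enabled_accessibility_services` secure settings over adb, and flags the two dropper package names the article lists. The device output embedded below is constructed so the script also runs without a device.

```shell
#!/bin/sh
# Audit notification-listener and accessibility-service grants on an Android
# device. Both settings are colon-separated lists of component names
# (package/Class). Example code added here, not from the article or Zscaler.

# Package names the article identifies as Facestealer/Coper droppers.
WATCHLIST="cam.vanilla.snapp com.qrdscannerratedx"

# Constructed sample values, shaped like real 'settings get secure' output.
SAMPLE_LISTENERS="com.android.systemui/.NotifListener:cam.vanilla.snapp/.NotifSvc"
SAMPLE_A11Y="com.qrdscannerratedx/.A11ySvc:com.google.android.marvin.talkback/.TalkBackService"

# packages_from LIST: print the package part of each component, one per line.
# Entries without a '/' (e.g. the literal "null" for an unset setting) are dropped.
packages_from() {
    printf '%s\n' "$1" | tr ':' '\n' | sed -n 's#^\([^/]*\)/.*#\1#p'
}

# flagged_packages LIST: print only the packages that appear on WATCHLIST.
flagged_packages() {
    packages_from "$1" | while IFS= read -r pkg; do
        for w in $WATCHLIST; do
            if [ "$pkg" = "$w" ]; then printf '%s\n' "$pkg"; fi
        done
    done
}

# audit_device: query a connected device when adb reports one, else use samples.
audit_device() {
    if adb get-state >/dev/null 2>&1; then
        listeners=$(adb shell settings get secure enabled_notification_listeners)
        a11y=$(adb shell settings get secure enabled_accessibility_services)
    else
        listeners=$SAMPLE_LISTENERS
        a11y=$SAMPLE_A11Y
    fi
    echo "Packages with notification listener access:"; packages_from "$listeners"
    echo "Packages with accessibility service access:"; packages_from "$a11y"
    echo "Watchlist hits:"; flagged_packages "$listeners"; flagged_packages "$a11y"
}

audit_device
```

Any package in the output that you did not knowingly grant should be revoked under Settings and reviewed, whether or not it is on the watchlist.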
-Prameet