For Google’s in-house developers, it’s just another day at the office to be a villain and stop the bad guys from evil. To an average user it is another day where a batch of Android apps that made it into the Google Play Store puts them on a risky path.
This time around, the malware is called “Joker.” As Aleksejs Kuprins writes over at the cybersecurity company CSIS, this particular malware which started off as trojan is designed to silently sign users up for subscription services, something they might not even notice they did unless they’re diligent in checking their monthly credit card statements.
This strategy works by automating the necessary interaction with the premium offer’s webpage, entering the operator’s offer code, then waiting for an SMS message with a confirmation code and extracting it using regular expressions.
RELATED ARTICLE: Delete These 7 Banned Apps From Your Android Phone
Finally, the Joker submits the extracted code to the offer’s webpage, in order to authorize the premium subscription.”
While Google has since removed the offending Android Apps from the Google Play store, they managed to rack up more than 472,000 total downloads before their excommunication. If you have any of these apps installed on your own Android phones or tablets or, worse, you actively use them it is time to delete them ASAP.
- Advocate Wallpaper
- Age Face
- Altar Message
- Antivirus Security – Security Scan
- Beach Camera
- Board picture editing
- Certain Wallpaper
- Climate SMS
- Collate Face Scanner
- Cute Camera
- Dazzle Wallpaper
- Declare Message
- Display Camera
- Great VPN
- Humour Camera
- Ignite Clean
- Leaf Face Scanner
- Mini Camera
- Print Plant scan
- Rapid Face Scanner
- Reward Clean
- Ruddy SMS
- Soby Camera
- Spark Wallpaper
What do you have to do now when infected?
If you have used any of these Android Apps, it’s worth checking your Google Play account for any unexpected subscriptions.
However, you’ll want to take a peek at your bank statements dated as far back as June of this year, which is when the Joker malware started kicking off its latest batch of auto-subscriptions.
You ought to let your contacts know that you were potentially infected, as Joker pilfers your entire contact list and uploads it to a command and control server.