Joker Virus Detected in 24 Google Play Apps
The malware was first discovered and described by CSIS security researcher Aleksejs Kuprins. According to the security specialist, the malware has been installed on various devices over 472,000 times with the help of 24 infected Android apps, all containing Joker malware. Since the discovery, Google Play has removed these 24 apps from the store. However, users who installed the compromised apps MUST remove them from their devices manually to secure their privacy and bank accounts. Android users who have any of the following apps on their devices must uninstall them IMMEDIATELY to remove Joker malware completely:
Advocate Wallpaper; Age Face; Altar Message; Antivirus Security – Security Scan; Beach Camera; Board picture editing; Certain Wallpaper; Climate SMS; Collate Face Scanner; Cute Camera; Dazzle Wallpaper; Declare Message; Display Camera; Great VPN; Humour Camera; Ignite Clean; Leaf Face Scanner; Mini Camera; Print Plant scan; Rapid Face Scanner; Reward Clean; Ruddy SMS; Soby Camera; Spark Wallpaper.
If you have been using one or several of these apps, make sure you remove Joker virus from your Android device completely. Please use the free instructions at the end of this article.
Details on how the Android virus operates
The Joker Android virus lurks in advertisement frameworks used by the above-mentioned applications, delivering an initialization component (Loader) to the victim’s device. The loader is set to carry out the following tasks:
The first stage: Loader component
Before attacking the Android device, the Joker virus checks whether the victim's SIM card belongs to one of the targeted Mobile Country Codes (MCC). Most of the infected apps targeted Asian and European Union countries, although some of them were set to target victims worldwide. Interestingly, the vast majority of the 24 apps have been configured to check whether the victim is from the US or Canada, and to terminate the malware if so. The Android virus targets a total of 37 countries: Australia, Austria, Belgium, Brazil, China, Cyprus, Egypt, France, Germany, Ghana, Greece, Honduras, India, Indonesia, Ireland, Italy, Kuwait, Malaysia, Myanmar, Norway, Netherlands, Poland, Portugal, Qatar, Republic of Argentina, Singapore, Serbia, Slovenia, Spain, Sweden, Switzerland, Thailand, Turkey, Ukraine, United Arab Emirates, United States and United Kingdom. The Loader is set to download the DEX file and deobfuscate it for further use, proceeding to the core malware functionality.
The second stage: Core component
The main part of the Joker Android virus is coded to be as small, as functional, and as silent on the compromised device as possible. It is clear that the malware was created by professionals who want to, and know how to, operate silently without being noticed (at least not until the victim notices payments in the bank account). The malware continuously communicates with the C&C server to receive new tasks and report results. The main task of Joker is to simulate the victim's clicks on advertisements. As a result, it opens premium offer URLs and injects JavaScript commands, waiting for the authorization SMS to arrive. Since the Android virus contains a phone notification checker, it quickly observes incoming SMS and extracts the required confirmation code to purchase premium services on behalf of the victim. The malware also steals all text messages from the victim's phone as well as the whole address book and sends them to the C&C server.
Remove Joker malware and cancel paid subscriptions
We want to stress that you must not only remove the Joker virus by uninstalling the previously mentioned apps from your phone, but also check which premium subscriptions are currently active on your account.
Step 1. Remove infected apps
First of all, you need to check whether you have any of the listed apps on your phone or tablet and remove them in a few simple steps: Uninstalling the malicious app won’t cancel premium subscriptions.
Step 2. Check and cancel premium subscriptions
Once you complete these steps, Joker virus removal will be complete. Make sure you always check app permissions and download only trustworthy components to your Android device to avoid Android virus infection.
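The advice to check app permissions can be turned into a repeatable audit. The following is an added example, not code from the original article or from CSIS: it flags apps that can both observe incoming SMS and read the address book, the combination the core component described above depends on. The mapping of behaviours to permissions, the simplified `dumpsys package`-style input, the value format of `settings get secure enabled_notification_listeners`, and all com.example.* names are assumptions of the example.

```python
import re

# Assumption: capabilities an app needs for the behaviours the article describes.
SMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
CONTACTS = "android.permission.READ_CONTACTS"
PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=true")

def granted_permissions(dumpsys_text):
    """Parse `dumpsys package`-style text into {package: set of granted permissions}."""
    grants, current = {}, None
    for line in dumpsys_text.splitlines():
        if m := PKG_RE.match(line):
            current = m.group(1)
            grants[current] = set()
        elif (m := PERM_RE.match(line)) and current:
            grants[current].add(m.group(1))
    return grants

def listener_packages(value):
    """Packages in a colon-separated enabled_notification_listeners value."""
    return {c.split("/")[0] for c in value.split(":") if "/" in c}

def audit(dumpsys_text, listeners_value, allowlist=frozenset()):
    """Flag apps that can both observe incoming SMS and read the address book."""
    listeners, findings = listener_packages(listeners_value), {}
    for pkg, perms in granted_permissions(dumpsys_text).items():
        reasons = []
        if pkg in listeners:
            reasons.append("notification listener enabled")
        if perms & SMS:
            reasons.append("SMS permission granted")
        if reasons and CONTACTS in perms and pkg not in allowlist:
            findings[pkg] = reasons + ["contacts permission granted"]
    return findings

# Constructed sample input, not captured from a real device.
SAMPLE_DUMPSYS = """\
Package [com.example.wallpaper] (1a2b3c):
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true
      android.permission.READ_SMS: granted=false
Package [com.example.messenger] (4d5e6f):
    runtime permissions:
      android.permission.READ_SMS: granted=true
      android.permission.READ_CONTACTS: granted=true
"""
SAMPLE_LISTENERS = "com.example.wallpaper/com.example.wallpaper.NotifyService"
```

Calling audit(SAMPLE_DUMPSYS, SAMPLE_LISTENERS, allowlist={"com.example.messenger"}) leaves only the wallpaper app flagged. The allowlist is for apps whose purpose explains the access, such as the default messaging app.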