Security researchers are sounding the alarm over 24 Android apps laced with a stealthy trojan that signs you up for a costly subscription without your permission. If you”ve downloaded any of the 24 apps, delete them now and check your bank statements for any suspicious activity!
Hiding within the advertisement frameworks and not exposing too much of its malicious code out in the open, the Joker is a stealthy piece of malware that made its way onto Google Play as early as June.
The malware leeches money out of its victims by signing them up for premium subscription services through automated clicks behind ad banners, security researcher Aleksejs Kuprins warns. The Joker even copies the authorization code sent to the user via SMS and steals the user”s entire address book.
As reported by TechCrunch, so far, these 24 apps are known to be laced with the Joker Trojan:
Google quickly removed them from Play Store, so there”s no danger of anyone downloading one of these apps again. However, there is no guarantee that no other apps have been infected. Also, if one of these apps is still on your phone, delete it pronto! And check your bank statement for any subscriptions you haven”t personally signed up for.
For those interested, Kuprins has an in-depth analysis of the Joker and how it works.
Bitdefender Mobile Security for Android detects Joker and all its variants as Android.Trojan.Downloader.TL and blocks it.
As a rule of thumb, always keep close tabs on your device”s permissions when downloading apps from the Google Play store. Stay safe out there!
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024