Joker malware makes another quiet return to the Google Play Store

The makers of the Joker malware are a resilient lot, for they have managed to sneak the malware into the Google Play Store again after being spotted and kicked out on more than one occasion.

Earlier this week, the Belgian Police said the Joker malware was spotted in eight Google Play Store apps before the apps were removed by Google. The malware’s presence on the app store doesn’t bode well for Android users as it quietly subscribes users to paid services without their authorisation, thereby draining their bank accounts dry.

Joker malware is used by cyber criminals on a large scale, so much so that in January last year, Google kicked out as many as 1,700 applications from the Play Store that were found hiding the malware. By then, these applications had been downloaded by millions worldwide, giving operators of the malware the opportunity to carry out billing fraud campaigns on a large scale.

According to Google, earlier versions of Joker, which appeared sometime in 2017, carried out SMS fraud, while later versions of the malware (also known as Bread malware) were designed for billing fraud, in which the malware authors used injected clicks, custom HTML parsers, and SMS receivers to automate billing processes without requiring any interaction from the user.

In a blog post published last year, Google noted that developers of Joker malware used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected. Many of the malware’s samples appeared to be designed specifically to slip into the Play Store undetected, and at peak times of activity, Google observed up to 23 different apps from this family submitted to the Play Store in one day.

According to the Belgian Police, the eight apps found hiding the Joker malware this time are Auxiliary Message, Element Scanner, Fast Magic SMS, Free CamScanner, Go Messages, Super Message, Great SMS, and Travel Wallpapers. The choice of apps indicates that hackers are quite intent on exploiting the general demand for document scanning and instant messaging services to victimise millions.

What makes the use of the Joker malware even more threatening is that…