We identified this variant in the Google Play Store based on a Twitter post that we came across during our routine threat hunting. Based on our research, we can confirm that the app was present in the Google Play Store until July 05, 2021.

Figure 1 The App Previously Available in Google Play Store

Even though Google promptly removed the application from the Play Store, the app had already reached 500+ installs. Although Google removed this malware from its Play Store, attackers keep making slight modifications to the application and payload, enabling the malware to evade the Google Play Store's detection of malicious apps. The changes by the Threat Actor (TA) include applying complex obfuscations in the code, changing execution methods, and using different payload retrieving techniques.

Figure 2 App removed from Google Play Store

This is a common functionality of the Joker malware. Hiding as a legitimate application, the app was found to be an updated version of Joker that downloads additional malware to the device and subscribes users to premium services without their knowledge or consent. This can be attributed to the notification-reading capabilities of the malware, which give it access to the SMS details of the user.

Cyble researchers recently discovered that a new variant of the Joker Dropper and spyware/trojan was accessible from the Google Play Store. In addition to stealing sensitive information, the malware is also capable of stealing money from the user's bank account without their consent.