Security teams recently discovered one of the most dangerous pieces of malware threatening Android users on Google's online app store, the Google Play Store.
This malware is none other than the well-known Joker, a program hackers use to empty victims' bank accounts by signing them up for illegal and very expensive subscriptions without their knowledge.
The Joker is considered one of the most popular pieces of malware in cybercrime. It first appeared in 2019. Its main feature is subscribing users to paid services without their knowledge. During 2020, it was reportedly seen several times on the Play Store before being eliminated by Google's security services. Unfortunately, that was only temporary, as it reappeared in April of this year. It was first seen in AppGallery, the app store of Chinese giant Huawei. Yesterday, security researchers from the American company McAfee discovered it on Google's app store. The software is reportedly incorporated into more than 8 applications. These apps are still available on the Google Play store.
Taken together, these applications alone account for more than 700,000 downloads, which is not insignificant. The same modus operandi as the Joker, observed two years ago, is clearly at work. The operators behind this malicious program can not only hijack SMS messages, but also use them to make purchases that the user has not authorized. The McAfee researchers claim to have been able to break into the hackers' server behind these 8 applications. As a result, they were able to discover a fairly large amount of personal information belonging to the victims. This information includes phone numbers, personal text messages, IP addresses and geographic location. On the operators' server, there were also automatically renewing subscriptions. "The malware hijacks the Notification Listener to steal incoming SMS messages as the Android Joker malware does, without the SMS read permission," the researchers explained.
According to the information we have, Google has already removed these 8 applications from its catalog. "It's important to pay attention to apps that ask for SMS and notification permissions. Simply put, legitimate photo editing and wallpaper applications do not require these permissions because they are not necessary to operate them. If a request seems suspicious to you, don't allow it," say McAfee researchers.
Here is the complete list of the applications affected by this security issue:
– Studio Keypaper 2021;
– PiP Editor Camera;
– My Favorites up Keypaper;
– Super Color Hairdryer;
– Pip Hit Camera;
– Daynight Keyboard Wallpaper;
– Super Star Ringtones;
– Photo Editor app.