Joker malware is yet another threat to your privacy and sensitive information. It recently attacked Android mobile devices across the globe, which led to the removal of several apps from the Google Play Store.

That said, Joker malware is anything but a joke. If you want to keep your device secure, you'll need to know what Joker malware is, and how it works.

What Is Joker Malware?

This deceptive malware is called "Joker" for a reason: it hides behind the mask of a seemingly authentic app and preys on unknowing users. You might also see Joker malware called Bread; the two names refer to the same thing.

Google first encountered this threat in 2017, and it's still an ongoing issue. The persistent hackers behind Joker malware constantly find ways to exploit gaps in the Google Play Store's security, allowing the camouflaged malware to go undetected.


Joker's authors have several methods to get their infected app past the security protocols in the Play Store. In fact, they even make a malware-free version of the app, upload it to the Google Play Store, and then later install the malware on your device by cloaking it as an "app update."

When you install an app infected with Joker malware, it signs you up for a paid subscription without your permission. To make matters worse, Joker malware can also get hold of your contacts, SMS messages, and your device information. It's difficult to get your money back after falling victim to this scam, so it's important to prevent infection before it even happens.

How Does Joker Malware Work?

Apps infected with Joker malware don't blatantly ask for your private information. The malware is much sneakier than that, making it even harder to realise when you've become a victim.

The first type of Joker malware mainly relied on SMS fraud. By sending an SMS message to a premium number from your phone, Joker malware would sign you up for subscriptions or make payments without your knowledge. Since these premium services and subscription plans are often partnered with mobile carriers, you'd typically see these unwanted charges on your cellphone bill.

In early 2019, Google tightened restrictions on apps that asked to access your Call Log or SMS. Thanks to this policy change, many Joker-infected apps were caught, and later removed from the Play Store. The implementation of Google Play Protect has also helped keep Android devices safe.

Despite Google's efforts, Joker malware persists. Research by Check Point has found a new kind of Joker malware that's just as deceitful as the last. Instead of engaging in SMS fraud, it now uses an old trick that's typically found in Windows malware.

After landing on your device, Joker malware downloads an executable DEX file from a command-and-control server. This code is used to secretly sign you up to premium subscriptions. It then proceeds to prevent subscription confirmation notifications from popping up on your phone.

To do this, Joker malware takes advantage of Notification Listener, an Android feature that gives apps access to your device's notifications. The malware hijacks the Notification Listener, allowing it to interfere with your push notifications.

The most recent version of Joker malware manages to get past Google's security using a clever technique. According to Check Point, "the new variant now hides the malicious DEX file inside the application as Base64 encoded strings, ready to be decoded and loaded."

This means that when the app gets placed on the Play Store, there's no sign of malware. It's only when users actually download the app that the malware bares its teeth.
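The Base64 hiding trick quoted above leaves a static trace that an analyst can search for. The following is an added example, not code from Check Point or from the original article: it scans raw bytes (for instance, the unpacked contents of an APK) for Base64 strings that decode to a DEX file header. The sample data is constructed and contains only a placeholder header.

```python
import base64
import re

# Every DEX file starts with "dex\n", a three-digit version and a NUL byte.
DEX_MAGIC = re.compile(rb"dex\n(\d{3})\x00")
# Base64 of "dex\n" plus any digit always begins "ZGV4Cj", so anchor on that
# prefix instead of trusting where a run of Base64 characters happens to start.
CANDIDATE = re.compile(rb"ZGV4Cj[A-Za-z0-9+/]{10,}={0,2}")


def find_embedded_dex(blob: bytes) -> list[dict]:
    """Locate Base64 strings in `blob` that decode to a DEX header."""
    hits = []
    for match in CANDIDATE.finditer(blob):
        text = match.group()
        # 16 Base64 characters decode to 12 bytes, enough to cover the magic.
        head = base64.b64decode(text[:16])
        magic = DEX_MAGIC.match(head)
        if magic is None:
            continue  # right prefix, but not a valid DEX version field
        hits.append({
            "offset": match.start(),
            "dex_version": magic.group(1).decode(),
            "decoded_size": len(text.rstrip(b"=")) * 3 // 4,
        })
    return hits


# Constructed sample input: a placeholder DEX header (magic plus zero bytes),
# a near-miss with a non-numeric version, and an unrelated Base64 string,
# laid out like entries in an app's string data.
FAKE_DEX = base64.b64encode(b"dex\n035\x00" + bytes(32))
NEAR_MISS = base64.b64encode(b"dex\n0ab\x00" + bytes(32))
BENIGN = base64.b64encode(b"just an ordinary config value here")
PREFIX = b"\x00\x05hello\x00" + BENIGN + b"\x00" + NEAR_MISS + b"\x00"
SAMPLE = PREFIX + FAKE_DEX + b"\x00tail"

if __name__ == "__main__":
    for hit in find_embedded_dex(SAMPLE):
        print(hit)
```

A hit only says that a DEX payload is stored as text inside the app; it is a reason to inspect the app further, not proof that the payload is Joker.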

How to Protect Yourself From Joker Malware

Google recently removed 11 apps from the Play Store that contain Joker malware. If you have any of the following apps, uninstall them immediately:

  • Compress Image (com.imagecompress.android)
  • Contact Message (com.contact.withme.texts)
  • Friend SMS (com.hmvoice.friendsms)
  • Relaxation Message (com.relax.relaxation.androidsms)
  • Cheery Message - listed two times (com.cheery.message.sendsms)
  • Loving Message (com.peason.lovinglovemessage)
  • File Recovery (com.file.recovefiles)
  • App Locker (com.LPlocker.lockapps)
  • Remind Alarm (com.remindme.alram)
  • Memory Game (com.training.memorygame)

While most of these malicious apps function as alternative messaging apps, others include an image compressor, reminder alarm, a wallpaper app, and more. If any of these apps sound familiar to you, check your mobile and credit card bills. Any sketchy-looking transactions or subscriptions could be a sign of Joker malware.
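If you manage several devices, the check can be scripted. The following is an added example, not part of the original article: it takes the text output of `adb shell pm list packages` and `adb shell settings get secure enabled_notification_listeners`, then reports which of the removed apps are installed and which apps hold the notification access that Joker abuses. The sample outputs, the `com.example.wearcompanion` package and the `trusted` allowlist are constructed for illustration.

```python
# Package names of the removed apps, copied from the list above.
REMOVED_APPS = {
    "com.imagecompress.android", "com.contact.withme.texts",
    "com.hmvoice.friendsms", "com.relax.relaxation.androidsms",
    "com.cheery.message.sendsms", "com.peason.lovinglovemessage",
    "com.file.recovefiles", "com.LPlocker.lockapps",
    "com.remindme.alram", "com.training.memorygame",
}


def parse_packages(pm_output: str) -> set[str]:
    """`pm list packages` prints one `package:<name>` line per app."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}


def parse_listeners(setting_value: str) -> set[str]:
    """The setting is a colon-separated list of `package/class` components."""
    value = setting_value.strip()
    if not value or value == "null":  # `settings get` prints null when unset
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}


def audit(pm_output: str, listener_setting: str, trusted=frozenset()) -> dict:
    """Cross-check installed apps and notification listeners."""
    installed = parse_packages(pm_output)
    listeners = parse_listeners(listener_setting)
    return {
        "removed_apps_installed": sorted(installed & REMOVED_APPS),
        "removed_apps_with_listener": sorted(listeners & REMOVED_APPS),
        # Listeners you have not explicitly reviewed (hypothetical allowlist).
        "unreviewed_listeners": sorted(listeners - REMOVED_APPS - set(trusted)),
    }


# Constructed sample device output.
PM_OUTPUT = ("package:com.android.chrome\n"
             "package:com.hmvoice.friendsms\n"
             "package:com.example.wearcompanion\n")
LISTENERS = ("com.hmvoice.friendsms/.NotifyService:"
             "com.example.wearcompanion/com.example.wearcompanion.Listener\n")

if __name__ == "__main__":
    print(audit(PM_OUTPUT, LISTENERS))
```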

Since Joker-infected apps look legitimate from the outside, you'll need to take some extra precautions when downloading apps. The above photo is an example of an app infected by Joker malware. It looks pretty legit, right? That's just how much these infected apps can blend in with all the rest.

You should also keep in mind that many Joker-infected apps have fake user reviews on the Play Store. These positive reviews build trust, and also entice you to download the app.

Fortunately, it's fairly easy to spot fake reviews once you know what to look for. If you see any duplicate reviews under an app, the reviews are likely fake. The same goes for generic reviews that make no mention of the app's name.

Besides knowing how to identify an unsafe app on the Play Store, you can also protect yourself by installing a reliable security app on your device. You might not think you need an antivirus app on your Android, but it can definitely come in handy when trying to combat Joker malware.

Lastly, you should only install apps that you really trust. Do some extra research on any apps that you want to download. If you see any sign of a scam, avoid it at all costs.

What's the Future of Joker Malware?

Although Google managed to take down over 1,700 Joker-infected apps in January 2020, and later removed the 11 apps listed above, that doesn't mean we're completely safe. Joker malware is still out there, and will likely stay there for a while. It's constantly adapting to the Play Store's security policies, which means it'll continue to evolve as time goes on.

Does this mean that some apps on the Play Store are currently hiding Joker malware? Unfortunately, some apps have probably made it past security protocols. This only means you need to exercise some extra caution when downloading apps.

Just because there are dangerous apps out there doesn't mean you have to stop installing APKs from third-party sites. Stay secure, and download from one of these best sites for safe Android APKs.