The 'Joker' malware grabbed headlines after it infected a plethora of devices globally. It resulted in the loss of sensitive information from users whose devices the malware had infected. Google removed 11 apps from its Play Store for spreading the malware. But what is the Joker malware and how does it infect your device? Here is how it does it.
Malware is malicious software that leaks confidential information from mobile phones or other wireless-enabled personal digital assistants. Malware can be of different kinds. Joker is a 'trojan', a kind of malware that is activated only when a user interacts with it, in this case by installing an app. The malware then gets past the device's security and is able to render the device useless or even steal information. It does this by downloading a secured configuration from a command-and-control (C&C) server in the form of an app installation. The app in question will already be infected. The hidden software then installs a follow-up component that steals SMS details under the guise of the host's interaction with ad websites.
The malware also steals money from users by subscribing them to premium services without their consent. Authentication codes such as OTPs (one-time passwords) are obtained by stealing SMS information. The user only gets to know of the money deduction when they are alerted about transactions on their cards. While Google has strict measures in place to check for malware such as this, Joker managed to get past them by tweaking its code. This allowed it to hide behind legitimate apps and helped it avoid detection by Google.
Although Google has removed 11 apps that were infected by the malware, those who had already installed any of these apps will have to uninstall them. The 11 apps removed from the Play Store include: com.imagecompress.android, com.relax.relaxation.androidsms, com.cheery.message.sendsms (two different instances), com.peason.lovinglovemessage, com.contact.withme.texts, com.hmvoice.friendsms, com.file.recovefiles, com.LPlocker.lockapps, com.remindme.alram and com.training.memorygame.
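To find out whether any of the apps listed above is still installed on a device, the following added example (not part of the original article) matches the output of `adb shell pm list packages` against those package names. The function names and the sample input are constructed for illustration.

```python
import sys

# Package names of the apps removed from the Play Store, as listed above.
# com.cheery.message.sendsms was removed in two instances; one entry covers both.
JOKER_PACKAGES = frozenset({
    "com.imagecompress.android",
    "com.relax.relaxation.androidsms",
    "com.cheery.message.sendsms",
    "com.peason.lovinglovemessage",
    "com.contact.withme.texts",
    "com.hmvoice.friendsms",
    "com.file.recovefiles",
    "com.LPlocker.lockapps",
    "com.remindme.alram",
    "com.training.memorygame",
})

# Constructed sample of `pm list packages` output (mixed plain and -f lines).
SAMPLE = """\
package:/data/app/~~Qx1==/com.hmvoice.friendsms-a9==/base.apk=com.hmvoice.friendsms
package:/system/app/Calc/Calc.apk=com.example.calc
package:com.lplocker.lockapps
package:com.remindme.alram
"""

def parse_packages(pm_output):
    """Yield package names from `pm list packages` output, with or without -f."""
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # blank lines, adb warnings
        entry = line[len("package:"):]
        # With -f the entry is "<apk path>=<name>"; the path can contain '=' too.
        if entry.startswith("/"):
            entry = entry.rsplit("=", 1)[-1]
        if entry:
            yield entry

def find_listed_apps(pm_output):
    """Return installed packages that are on the removed-apps list, sorted."""
    # Package names are case-sensitive, so the match is exact.
    return sorted(set(parse_packages(pm_output)) & JOKER_PACKAGES)

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    hits = find_listed_apps(data)
    for name in hits:
        print(f"listed app installed: {name}")
    sys.exit(1 if hits else 0)
```

Piping `adb shell pm list packages` into the script checks a connected device; the exit status is 1 when a listed app is found and 0 otherwise.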