Android: watch out for this virus that subscribes you to paid services

Since 2017, the Joker malware has been infecting Android apps, and eleven of them continue to trick users into subscribing to paid services. This new variant manages to bypass Google’s validation and security steps.

The cat-and-mouse game between hackers and Google Play continues: the company Check Point has discovered new traces of Joker, a piece of malware identified in 2017 and believed to have been eradicated. Its specialty? Hiding in ordinary, popular applications to activate payment for in-app services, such as paid options, all without the user's knowledge.

This Thursday, security experts from Check Point discovered its presence in eleven applications, which together have accumulated 500,000 downloads. Most worrying is that these eleven applications are available from the Play Store. This variant of Joker has found a new way to act as a Trojan, hiding in applications and then embedding itself in the smartphone. The malware is hidden in the manifest file that every developer must include in their application, placed at the root of the application folder. This file contains information on the author, logo, version, etc.

The malware hides during the validation phase

Joker places malicious code in this file, but it is encoded in Base64 and therefore not identifiable. While Google examines the app file for validation, the code is inactive. Once validation is complete and the security checks have been passed, the hackers’ server launches the command hidden in this code and the malware can activate.
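As an added illustration (not code from Check Point or Google), the following Python sketch shows how a defender could flag long Base64 blobs in a manifest and check what they decode to. It assumes the manifest has already been decoded to text XML (for example with apktool); the 200-character threshold, the signature list and the function names are assumptions made for this example.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

# Assumption: 200+ base64 characters in a single manifest value deserve review.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")
# Assumption: file signatures worth naming once a value has been decoded.
MAGICS = {b"dex\n": "DEX bytecode", b"PK\x03\x04": "ZIP/APK/JAR", b"\x7fELF": "ELF binary"}


def scan_manifest(xml_text):
    """Report long base64 blobs found in a text-form AndroidManifest.xml."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        values = list(elem.attrib.items())
        if elem.text and elem.text.strip():
            values.append(("#text", elem.text))
        for name, value in values:
            for match in B64_RUN.finditer(value):
                try:
                    raw = base64.b64decode(match.group(0), validate=True)
                except (binascii.Error, ValueError):
                    continue  # run was not well-formed base64
                kind = next((label for magic, label in MAGICS.items()
                             if raw.startswith(magic)), "unknown data")
                findings.append({
                    "element": elem.tag,
                    "attribute": name.split("}")[-1],  # drop the XML namespace
                    "decoded_bytes": len(raw),
                    "kind": kind,
                })
    return findings


def build_sample():
    """Constructed sample: harmless blob made of DEX header bytes plus zeros."""
    blob = base64.b64encode(b"dex\n035\x00" + bytes(200)).decode()
    return (
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        'package="com.example.demo"><application android:label="Demo">'
        '<meta-data android:name="api_key" android:value="abc123"/>'
        f'<meta-data android:name="cfg" android:value="{blob}"/>'
        '</application></manifest>'
    )


if __name__ == "__main__":
    for finding in scan_manifest(build_sample()):
        print(finding)
```

A hit is only a prompt for manual review: legitimate apps occasionally store encoded configuration in manifest values, so the decoded content type matters more than the mere presence of Base64.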

Once alerted, Google immediately removed these apps from its store, but it is of course recommended that you uninstall them. These are ImageCompress, WithMe Texts, FriendSMS, Relax Relaxation, Cherry Messages, LovingLove Message, RecoveFiles, RemindMe Alarm, and Training Memory Game. It is also advisable to check your bank account and verify that there have been no fraudulent withdrawals.