The Joker’s in town. Time to secure your Android devices

Blog | 11-10-2019 | 2 Minute read


Security experts from Google have discovered a new spyware in 24 Play Store apps that, combined, have more than 472,000 downloads. Researchers have stated that this spyware also has the capabilities of normal malware and appears to have infected certain apps in Google Play with more than 100,000 installations. Cybercriminals are deploying this spyware through the advertisement framework in those compromised apps.

Introduction to Joker

This spyware, aptly named Joker, secretly collects users’ personal details, like contacts and other address book details. Joker uses the SMS collection module to confirm the user’s country. All infected apps contain a sophisticated list of mobile country codes, which Joker openly exploits. Cybercriminals are also sending command and control codes that can be executed using JavaScript to keep their spyware alive.

This Joker spyware comes with two components: one that identifies the device location, and another that automatically subscribes users to the premium package offered in the ads by the campaign sponsors. All of Joker’s activities are controlled by a command and control (C&C) server operated by the cybercriminals.

Countries targeted by Joker

Joker has targeted these 37 countries: Australia, Austria, Belgium, Brazil, China, Cyprus, Egypt, France, Germany, Ghana, Greece, Honduras, India, Indonesia, Ireland, Italy, Kuwait, Malaysia, Myanmar, Netherlands, Norway, Poland, Portugal, Qatar, Republic of Argentina, Serbia, Singapore, Slovenia, Spain, Sweden, Switzerland, Thailand, Turkey, Ukraine, the United Arab Emirates, the United Kingdom, and the United States.

Joker-infected Android apps

The following applications have been infected by Joker:

  1. Antivirus Security – Security Scan, App Lock
  2. Dazzle Wallpaper
  3. Collate Face Scanner
  4. Reward Clean
  5. Age Face
  6. Altar Message
  7. Rapid Face Scanner
  8. Picture editing
  9. Soby Camera
  10. Great VPN
  11. Humor Camera
  12. Advocate Wallpaper
  13. Ruddy SMS Mod
  14. Ignite Clean
  15. Print Plant scan
  16. Leaf Face Scanner
  17. Boar
  18. Declare Message
  19. Display Camera
  20. Beach Camera
  21. Mini Camera
  22. Certain Wallpaper
  23. Cute Camera
  24. Spark Wallpaper

How to protect your Android devices against Joker 

To simplify things, Google has already identified these 24 apps in the Play Store, confirmed their Joker infection, and removed them from the Play Store. However, this only blocks any future downloads of the infected apps.

Users who have already installed these apps on their devices will be issued a warning by Google Play, like the one users received for the CamScanner malware. So, check your Android device for these apps and remove them before you end up handing over your personal data to Joker.

For organizations that manage corporate-owned, personally enabled (COPE), choose your own device (CYOD), and bring your own device (BYOD) environments, it’s better to include these 24 apps in the blacklisted or prohibited group of applications and deploy the policy to your managed devices. Blacklisting and whitelisting apps can be carried out using a mobile device management (MDM) or unified endpoint management (UEM) solution.
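Before the policy is deployed, an inventory export can show which managed devices already carry one of the listed apps. The sketch below is an added example, not ManageEngine code: the CSV columns `device_id` and `app_label` and the sample rows are assumptions. It matches on display names because those are all this post gives, so treat a hit as a lead to confirm against the app's package name rather than as proof of infection.

```python
import csv
import io
import unicodedata
from collections import defaultdict

# The 24 app names exactly as listed in this post.
JOKER_APPS = [
    "Antivirus Security – Security Scan, App Lock", "Dazzle Wallpaper",
    "Collate Face Scanner", "Reward Clean", "Age Face", "Altar Message",
    "Rapid Face Scanner", "Picture editing", "Soby Camera", "Great VPN",
    "Humor Camera", "Advocate Wallpaper", "Ruddy SMS Mod", "Ignite Clean",
    "Print Plant scan", "Leaf Face Scanner", "Boar", "Declare Message",
    "Display Camera", "Beach Camera", "Mini Camera", "Certain Wallpaper",
    "Cute Camera", "Spark Wallpaper",
]

def normalize(label):
    """Fold case, unify dash variants and collapse whitespace, so an export
    that writes '-' for the en dash or changes capitalisation still matches."""
    text = unicodedata.normalize("NFKC", label)
    text = "".join("-" if unicodedata.category(ch) == "Pd" else ch for ch in text)
    return " ".join(text.casefold().split())

BLOCKLIST = {normalize(name): name for name in JOKER_APPS}

def audit(inventory_csv):
    """Return {device_id: [listed app names found]}.
    Whole-name matches only: 'Great VPN Pro' is not reported as 'Great VPN'."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        listed = BLOCKLIST.get(normalize(row["app_label"]))
        if listed:
            hits[row["device_id"]].append(listed)
    return dict(hits)

# Constructed sample export (hypothetical devices, not real inventory data).
SAMPLE = '''device_id,app_label
PHONE-001,Dazzle Wallpaper
PHONE-001,"antivirus security - security scan, app lock"
PHONE-002,Calculator
PHONE-003, BOAR 
PHONE-003,Great VPN Pro
'''

if __name__ == "__main__":
    for device, apps in audit(SAMPLE).items():
        print(device, "->", "; ".join(apps))
```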

Thwart Joker with help from ManageEngine 

If you already have an MDM or UEM solution, start rolling out your new configurations as soon as possible. If not, you can download ManageEngine’s unified endpoint management solution or mobile device management solution to blacklist infected applications and nullify Joker. Both of the above solutions come with a free trial for 30 days and offer a free edition, which will allow you to manage 25 mobile devices completely free.

Do not underestimate Joker; doing so could be lethal to your organization considering the current data protection laws like the GDPR and POPI for Europe and South Africa, along with upcoming laws like the CCPA and LGPD for the USA and Brazil.
