64 new variants of 'Joker' malware have invaded Android app stores

Polycount

Posts: 2,590   +556
Staff member
In context: Malicious Android apps are nothing new, even on the supposedly well-curated Google Play Store. Indeed, just a couple of days ago, Google was forced to remove 17 Android apps that contained a malware family known as "Joker." Joker-laden apps masquerade as legitimate and may even provide useful functions to their users -- however, some time after the app has been downloaded onto a given device, its true, sinister goal is achieved.

In the case of the 17 apps mentioned before, that purpose involves swiping a user's SMS information to sign them up for premium wireless application protocol services, according to security research firm Zscaler.

However, that virus crackdown is only the latest in a longer string of similar Joker outbreaks -- similar clusters of Joker-laden apps have appeared many times over the past few years, with the first hitting Android marketplaces in late 2016.

Joker wouldn't be such a significant issue were it not for two things: the popularity of the apps it's been injected into, and its widespread deployment across not just the Google Play Store, but a variety of third-party Android app stores, some of which have even more lax security standards.

According to Zscaler, the 17 apps involved in the latest Google crackdown were downloaded a whopping 120,000 times in total. That's 120,000 potential victims, and the problem is only getting worse: new reports suggest 64 new Joker variants have already been discovered in just the past couple of weeks.

Mobile security firm Zimperium describes the "full attack chain" of Joker via the following flowchart:

First, the app "decodes" or decrypts strings to obtain and load a URL to a malicious "dex" file. Then, the dex file is downloaded from said URL, and it's loaded onto the system using "reflection techniques" that invoke the "DexClassLoader constructor." Finally, the file performs whatever malicious tasks it was developed to do, with the device owner often being none the wiser.

It will be difficult for Google to keep a handle on this massive influx of sophisticated, virus-laden apps, but we'll let you know if the problem gets worse or improves over the coming months.

In the meantime, Android users should only download apps from developers they fully trust and avoid leaving unused apps on their phones without good reason.

Permalink to story.
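The chain described in the article ends with a downloaded dex file being loaded through reflection on the DexClassLoader constructor, and references to those classes can show up in the dropper app's own DEX string table, where a static triage pass can find them. The following is an added example, not code from the article, Zscaler or Zimperium: the indicator list, the function names and the sample DEX built inline are assumptions made for illustration.

```python
import re, struct, zipfile

# Indicator list is this example's assumption. The payload URL is decoded at
# run time, so the scan keys on the loader and reflection classes instead.
INDICATORS = {
    "Ldalvik/system/DexClassLoader;": "loads a dex file at run time",
    "Ljava/lang/reflect/Constructor;": "invokes a constructor by reflection",
    "Ljava/lang/reflect/Method;": "invokes a method by reflection",
}

def dex_strings(dex):
    """Return the string table of a DEX file (string_ids at header offset 0x38)."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    count, table_off = struct.unpack_from("<II", dex, 0x38)
    strings = []
    for i in range(count):
        (pos,) = struct.unpack_from("<I", dex, table_off + 4 * i)
        while dex[pos] & 0x80:           # skip the ULEB128 UTF-16 length prefix
            pos += 1
        end = dex.index(b"\0", pos + 1)  # MUTF-8 data is NUL-terminated
        strings.append(dex[pos + 1:end].decode("utf-8", "replace"))
    return strings

def triage(dex):
    """Flag a DEX that references DexClassLoader together with reflection."""
    present = set(dex_strings(dex))
    hits = {s: why for s, why in INDICATORS.items() if s in present}
    loader = "Ldalvik/system/DexClassLoader;" in hits
    reflection = any(s.startswith("Ljava/lang/reflect/") for s in hits)
    return {"hits": hits, "needs_review": loader and reflection}

def scan_apk(apk_file):
    """Triage every classes*.dex inside an APK (path or file-like object)."""
    with zipfile.ZipFile(apk_file) as apk:
        names = [n for n in apk.namelist() if re.fullmatch(r"classes\d*\.dex", n)]
        return {n: triage(apk.read(n)) for n in names}

def build_sample_dex(strings):
    """Constructed input: DEX header plus string table only, no code sections."""
    ids, data = b"", b""
    for s in strings:
        raw = s.encode()
        ids += struct.pack("<I", 0x70 + 4 * len(strings) + len(data))
        data += bytes([len(raw)]) + raw + b"\0"   # lengths under 128: one ULEB128 byte
    header = bytearray(0x70)
    header[:8] = b"dex\n035\0"
    struct.pack_into("<II", header, 0x38, len(strings), 0x70)
    return bytes(header) + ids + data
```

A hit only marks an app for manual review, since legitimate apps also load code dynamically, and a sample that assembles the class name itself at run time will not appear in the string table at all.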

 

trparky

Posts: 814   +781
Another day, another hundred apps removed from the Google Play Store.

And people wonder why I went with the iPhone. You can't sit there and tell me that Google with all of their millions can't afford to have a proper app vetting process because I'll call bullsh*t.
 

stewi0001

Posts: 2,445   +1,943
TechSpot Elite
> Another day, another hundred apps removed from the Google Play Store.
>
> And people wonder why I went with the iPhone. You can't sit there and tell me that Google with all of their millions can't afford to have a proper app vetting process because I'll call bullsh*t.

Malicious stuff makes it to the App Store too. If there is a will, then there is a way. Yes, Google could do a better job checking out the apps being put on the Play Store.
 
Reactions: Beelzebot

trparky

Posts: 814   +781
> Malicious stuff makes it to the App Store too.

Not as many times as Google by a wide country mile. It's like every other month we hear about this crap.

> Google could do a better job checking out the apps being put on the Play Store.

Yes, they could. I have no idea why, but they don't.

It's like come on Google, do you even care? Because it sure seems like they couldn't give a damn. The safety of your users is at stake here and yet they don't seem to be doing a damn thing about it.
 
Reactions: PEnnn

Mugsy

Posts: 675   +121
Notice how Google stopped advertising Chromebooks as "impervious to viruses" about a year ago.
 
Reactions: trparky

trparky

Posts: 814   +781
> Notice how Google stopped advertising Chromebooks as "impervious to viruses" about a year ago.

Yeah, because Chromebooks can run Android apps and well... we're talking about that reason right here in this thread.
 

lazer

Posts: 354   +103
Terrible news! Used to be Android was safe and Windows programs were infected.
Guess the times, they are a changing....
 

trparky

Posts: 814   +781
> Terrible news! Used to be Android was safe and Windows programs were infected.
> Guess the times, they are a changing....

This is what happens when your app vetting process has been a massive failure from the beginning. And yes, I blame Google for this crap. They have the money to do it right (don't tell me that they don't!), they just choose not to.

I just don't know if it's out of malice, stupidity, or just laziness though.
 
Reactions: Goat11

Goat11

Posts: 21   +49
> Malicious stuff makes it to the App Store too. If there is a will, then there is a way. Yes, Google could do a better job checking out the apps being put on the Play Store.

Really? Care to show us an example? Even if one or two or even 3 malicious apps made it to the AppStore, it's nothing close to the weekly or monthly malicious apps you find on Google Play Store.

I am not against Google or Pro Apple here, but Apple's closed garden has proven itself to work quite well and I never have to think twice before I install an app from the App Store.

I am not an Apple fan, I hate lots of their policies and the fact they are becoming greedy by the day. But when credit is due...
 

trparky

Posts: 814   +781
> I am not against Google or Pro Apple here, but Apple's closed garden has proven itself to work quite well and I never have to think twice before I install an app from the App Store.

Same here. I never have to think about if there's going to be an issue with an app, I just install it and go on my way.

> I am not an Apple fan, I hate lots of their policies and the fact they are becoming greedy by the day. But when credit is due...

Me too. I'm not particularly crazy about everything Apple does as well but I have to give Apple credit, their platform is a hell of a lot safer to use for the average everyday user. Let's face it, the average everyday user needs all the handholding they can get and a whole lot more.
 
Reactions: Goat11

Goat11

Posts: 21   +49
> Let's face it, the average everyday user needs all the handholding they can get and a whole lot more.

That's hitting the nail on the head - and a lot of people who actually need this handholding are not aware of this fact! Oh well, what can you do? I'll keep using Apple as long as they prove to keep my mobile devices safe without me needing to install all sorts of tools and Anti-SOMETHING apps to keep bad things from happening to my precious data.
 
Reactions: trparky

trparky

Posts: 814   +781
> That's hitting the nail on the head

It comes down to the fact that for most people you can't expect them to know how to keep themselves and their data safe. You can teach them about security all you want until you're blue in the face and for the most part it'll go in one ear and out the other with very little processing in between. This is why locked down ecosystems are essentially going to be the future.

Do I like it? No! I like freedom, I really do. But that kind of freedom is absolutely dangerous to 95% of the users out there.

The geeks and nerds talk about how they want open platforms and all and trust me, I want them too, however I also know that open platforms are just not compatible with the average user. Handing open platforms to the average user is like handing a grenade to a baby and hoping it doesn't pull the pin and blow itself up.
 
Reactions: Goat11

stewi0001

Posts: 2,445   +1,943
TechSpot Elite
> Really? Care to show us an example? Even if one or two or even 3 malicious apps made it to the AppStore, it's nothing close to the weekly or monthly malicious apps you find on Google Play Store.
>
> I am not against Google or Pro Apple here, but Apple's closed garden has proven itself to work quite well and I never have to think twice before I install an app from the App Store.
>
> I am not an Apple fan, I hate lots of their policies and the fact they are becoming greedy by the day. But when credit is due...

Yes, I could give you links to some, but I don't have the time for that at the moment. Yes, the media frequency for Play Store related malware is higher than the App Store. However, there is the possibility that Apple tries to minimize stuff getting out to the media. This is only a theory and very well could be wrong since Apple does like to play "Big Brother" a lot.
 

trparky

Posts: 814   +781
> However, there is the possibility that Apple tries to minimize stuff getting out to the media. This is only a theory and very well could be wrong since Apple does like to play "Big Brother" a lot.

I'd buy that idea if there weren't so many people that dislike Apple. I'm sure that there's a lot of people who would love to stick it to them and publish it anyways regardless of whether it would please Apple or not.

Like it or not, Google's app vetting process just absolutely sucks, and they've got to get a handle on this crap already.