
Mobile, cybercrime spread Joker malware in 37 targeted countries


CSIS Security Group: The Android mobile malware is targeting 37 countries. The Trojan has been designed to sign users up for premium services and to steal victims' SMS messages, contact list and device information. It has been detected in 24 Google Play apps.

A new malware is targeting Android devices: Joker. It was discovered by CSIS Security Group cyber security experts. It is a Trojan designed to surreptitiously sign users up for premium services and to steal victims' SMS messages, contact list and device information. Furthermore, the malicious code has been detected in 24 apps on Google Play with 472,000+ installs in total. Cybercrime operators have specifically targeted victims in 37 countries: Australia, Austria, Belgium, Brazil, China, Cyprus, Egypt, France, Germany, Ghana, Greece, Honduras, India, Indonesia, Ireland, Italy, Kuwait, Malaysia, Myanmar, Netherlands, Norway, Poland, Portugal, Qatar, Republic of Argentina, Serbia, Singapore, Slovenia, Spain, Sweden, Switzerland, Thailand, Turkey, Ukraine, United Arab Emirates, United Kingdom and United States. Most of the infected apps contain a list of Mobile Country Codes (MCC), and the victim has to be using a SIM card from one of these countries in order to receive the second-stage payload.

The cyber security experts: The malware employs notably stealthy tactics to perform quite malicious activities on Google Play, while hiding within the advertisement frameworks and not exposing too much of its malicious code out in the open.

According to the cyber security experts, Joker employs notably stealthy tactics to perform quite malicious activities on Google Play, while hiding within the advertisement frameworks and not exposing too much of its malicious code out in the open. The earliest occurrence of the Android malware in the wild comes from DNS metadata, which suggests that the Trojan family began its recent campaigns in early June 2019. However, the major version digits in the build names give an impression of a slightly longer life cycle, potentially with more campaigns in the past. It is designed in a job-scheduler fashion, meaning that it periodically requests new commands from the C&C server. When it finds any, it executes them in strict order and then reports the results, depending on the type of the given task.
