Security experts from Google have discovered a new spyware in 24 Play Store apps that, combined, have more than 472,000 downloads. Researchers have stated that this spyware also has the capabilities of normal malware and appears to have infected certain apps in Google Play with more than 100,000 installations. Cybercriminals are deploying this spyware through the advertisement framework in those compromised apps.
Introduction to Joker
This Joker spyware comes with two components: one that identifies the device location, and another that automatically subscribes users to the premium package offered in the ads by the campaign sponsors. All of Joker’s activities are controlled by a command and control (C&C) server operated by the cybercriminals.
Countries targeted by Joker
Joker has targeted these 37 countries: Australia, Austria, Belgium, Brazil, China, Cyprus, Egypt, France, Germany, Ghana, Greece, Honduras, India, Indonesia, Ireland, Italy, Kuwait, Malaysia, Myanmar, Netherlands, Norway, Poland, Portugal, Qatar, Republic of Argentina, Serbia, Singapore, Slovenia, Spain, Sweden, Switzerland, Thailand, Turkey, Ukraine, the United Arab Emirates, the United Kingdom, and the United States.
Joker-infected Android apps
The following applications have been infected by Joker:
1. Antivirus Security – Security Scan, App Lock
2. Dazzle Wallpaper
3. Collate Face Scanner
4. Reward Clean
5. Age Face
6. Altar Message
7. Rapid Face Scanner
8. Picture editing
9. Soby Camera
10. Great VPN
11. Humour Camera
12. Advocate Wallpaper
13. Ruddy SMS Mod
14. Ignite Clean
15. Print Plant scan
16. Leaf Face Scanner
18. Declare Message
19. Display Camera
20. Beach Camera
21. Mini Camera
22. Certain Wallpaper
23. Cute Camera
24. Spark Wallpaper
How to protect your Android devices against Joker
To simplify things, Google has already identified these 24 apps in the Play Store, confirmed their Joker infection, and removed them from the Play Store. However, this only blocks any future downloads of the infected apps.
Users that have already installed these apps in their devices will be issued a warning by Google Play, like the one users received for the CamScanner malware. So check your Android device for these apps and remove them before you end up handing over your personal data to Joker.
For organizations that manage corporate-owned, personally enabled (COPE), choose your own device (CYOD), and bring your own device (BYOD) environments, it’s better to include these 24 apps in the blacklisted or prohibited group of applications and deploy the policy to your managed devices. Blacklisting and whitelisting apps can be carried out using a mobile device management (MDM) or unified endpoint management (UEM) solution.
Thwart Joker with help from ManageEngine
If you already have an MDM or UEM solution, start rolling out your new configurations as soon as possible. If not, you can download ManageEngine’s unified endpoint management solution or mobile device management solution to blacklist infected applications and nullify Joker. Both of the above solutions come with a free trial for 30 days and offer a free edition, which will allow you to manage 25 mobile devices completely free.
Do not underestimate Joker; doing so could be lethal to your organization considering the current data protection laws like the GDPR and POPI for Europe and South Africa, along with upcoming laws like the CCPA and LGPD for the USA and Brazil.
The post The Joker’s in town. Time to secure your Android devices appeared first on ManageEngine Blog.
Powered by WPeMatico