More threads by David Baxter PhD

David Baxter PhD

Late Founder
Android User? Delete These Apps Now
by John Lister,
September, 10 2019

Nearly half a million users have been infected with "The Joker" malware through the Google Play store. The malware is particularly nasty and works by signing users up to premium services without their knowledge.

The malware, spotted by researcher Aleksejs Kuprins, was found in 24 apps with a combined 472,000 downloads - though more apps may be found later. As of this writing, the 24 known apps have been removed from the Google Play store. (Source: techradar.com)

Infected Apps Need to be Removed
If you have any of the following apps installed on your phone, they should be removed immediately. The infected apps list is as follows:

  • Advocate Wallpaper
  • Age Face
  • Altar Message
  • Antivirus Security - Security Scan
  • Beach Camera
  • Board picture editing
  • Certain Wallpaper
  • Climate SMS
  • Collate Face Scanner
  • Cute Camera
  • Dazzle Wallpaper
  • Declare Message
  • Display Camera
  • Great VPN
  • Humour Camera
  • Ignite Clean
  • Leaf Face Scanner
  • Mini Camera
  • Print Plant scan
  • Rapid Face Scanner
  • Reward Clean
  • Ruddy SMS
  • Soby Camera
  • Spark Wallpaper
Scam Happens Out Of Sight
As is a familiar story with Android malware, most of the apps claimed to perform a simple task, and it appears the to be delivered as promised. The problem was what happened behind the scenes. The Joker malware is specially crafted to only work if the user's SIM card is registered in one of 37 countries, including the US, Brazil, Australia and most of Europe and Asia. All of these countries have mobile networks that allow users to subscribe to digital services, with the charges applied to their monthly phone service fee or taken out of a pay-as-you-go credit balance.

The compromised apps are set up to receive encrypted instructions from a remote server, making it less likely they'll be spotted by security scans. The app will then usually display a screen with the app logo while "loading." In fact, this was when the nefarious activity was happening behind the scenes.

Malware Scans Incoming SMS
Once activated, the malware secretly loads a subscription page (which the user can't see) and signs up to a service. It then continues working in the background, looking for a confirmation code sent via SMS text message - something that's designed to be a security measure.

The malware intercepts the message, copies the code and provides it to the subscription service as if the user had typed it in. The user is then hit with a monthly charge, which is usually quite small - around $7.40 USD in one case. (Source: medium.com)

The scheme appears to be to go for a large number of victims while keeping the individual amounts small enough that there's less chance of people spotting the scam, unless they check their bills carefully.
 

GaryQ

MVP
Member
What's ironic is google is spending an enormous amount of time and money searching for and divulging apple IOS vulnerabilities while Android is like the swiss cheese of Security with so many security holes and open attack vectors. not to mention most are distributed via their store :facepalm:
 

David Baxter PhD

Late Founder
^^ Totally agree. They gloat when they find an iPhone vulnerability. But when they find one, Apple usually has a bug fix shipped within a day or two. Google can't make the same claim.

And people complain about how long it takes for Apple to approve apps. This is why it takes that long.
 

GaryQ

MVP
Member
Yep. I usually feel somewhat secure when on the extremely rare occasion I add an app to my phone. I used to think (still do) that iPhones are bloody expensive but looking at what You have to pay for a Samsung phone to have google insecurity And ET phoning home more than windows 10. I’ll be sticking with Apple and my 5S is still holding up and hopefully will hold up till one of my friends upgrades in a year or 2 and buy their phone like an iPhone 8 or maybe something better.
 

David Baxter PhD

Late Founder
I upgraded to an iPhone 8+ only to get a bigger screen to make it easier to read. I kept my 5SE as a backup; it’s still working fine as is my son’s SE. Great phone. Small, lightweight, reliable. I simply needed bigger fonts as my cataract got worse.
 

GaryQ

MVP
Member
on the subject of mobile while on this forum... that new sidebar you added ... does weird stuff with the full site pages (old theme anyway)



IMG_1056.jpg


IMG_1057.jpg
 

David Baxter PhD

Late Founder
Okay. I've disabled it for now on mobile devices but note that that old style is hopelessly out of date. I only kept it for you. :)

Or you could try Tapatalk...
 

GaryQ

MVP
Member
Okay. I've disabled it for now on mobile devices but note that that old style is hopelessly out of date.
I like it.. so Did Steve if I recall. Guess some of us old folk don't like change as much. Tried the new theme (sorry, nothing personal) but not a fan of it

I only kept it for you. :)

Thanks :up:

Or you could try Tapatalk...

No Thanks ( We need to have a thumbs down thingy)
Only Spyware allowed on my cellphone are apple default apps. Anything social or "socially helpful" not permitted.
 
Replying is not possible. This forum is only available as an archive.
Top