The Joker's in town. Time to secure your Android devices

Joker spyware

Security experts from Google have discovered a new spyware in 24 Play Store apps that, combined, have more than 472,000 downloads. Researchers have stated that this spyware also has the capabilities of normal malware and appears to have infected certain apps in Google Play with more than 100,000 installations. Cybercriminals are deploying this spyware through the advertisement framework in those compromised apps.

Introduction to Joker  

This spyware secretly collects users' personal details, like contacts and other address book details, and is aptly named Joker. Joker uses the SMS collection module to confirm the user's country. All infected apps contain a sophisticated list of mobile country codes, which Joker openly exploits. Cybercriminals are also sending command and control codes that can be executed using a Javascript to keep their spyware alive.

This Joker spyware comes with two components: one that identifies the device location, and another that automatically subscribes users to the premium package offered in the ads by the campaign sponsors. All of Joker's activities are controlled by a command and control (C&C) server operated by the cybercriminals.

Countries targeted by Joker 

Joker has targeted these 37 countries: Australia, Austria, Belgium, Brazil, China, Cyprus, Egypt, France, Germany, Ghana, Greece, Honduras, India, Indonesia, Ireland, Italy, Kuwait, Malaysia, Myanmar, Netherlands, Norway, Poland, Portugal, Qatar, Republic of Argentina, Serbia, Singapore, Slovenia, Spain, Sweden, Switzerland, Thailand, Turkey, Ukraine, the United Arab Emirates, the United Kingdom, and the United States.

Joker-infected Android apps  

The following applications have been infected by Joker:

1. Antivirus Security - Security Scan, App Lock

2. Dazzle Wallpaper

3. Collate Face Scanner

4. Reward Clean

5. Age Face

6. Altar Message

7. Rapid Face Scanner

8. Picture editing

9. Soby Camera

10. Great VPN

11. Humour Camera

12. Advocate Wallpaper

13. Ruddy SMS Mod

14. Ignite Clean

15. Print Plant scan

16. Leaf Face Scanner

17. Boar

18. Declare Message

19. Display Camera

20. Beach Camera

21. Mini Camera

22. Certain Wallpaper

23. Cute Camera

24. Spark Wallpaper

How to protect your Android devices against Joker 

To simplify things, Google has already identified these 24 apps in the Play Store, confirmed their Joker infection, and removed them from the Play Store. However, this only blocks any future downloads of the infected apps.  

Users that have already installed these apps in their devices will be issued a warning by Google Play, like the one users received for the CamScanner malware. So check your Android device for these apps and remove them before you end up handing over your personal data to Joker.  

For organizations that manage corporate-owned, personally enabled (COPE), choose your own device (CYOD), and bring your own device (BYOD) environments, it's better to include these 24 apps in the blacklisted or prohibited group of applications and deploy the policy to your managed devices. Blacklisting and whitelisting apps can be carried out using a mobile device management (MDM) or unified endpoint management (UEM) solution.  

Thwart Joker with help from ManageEngine 

If you already have an MDM or UEM solution, start rolling out your new configurations as soon as possible. If not, you can download ManageEngine's unified endpoint management solution or mobile device management solution to blacklist infected applications and nullify Joker. Both of the above solutions come with a free trial for 30 days and offer a free edition, which will allow you to manage 25 mobile devices completely free.

Do not underestimate Joker; doing so could be lethal to your organization considering the current data protection laws like the GDPR and POPI for Europe and South Africa, along with upcoming laws like the CCPA and LGPD for the USA and Brazil.