Another Set of Joker Trojan-Laced Android Apps Resurfaces on Google Play Store

A new set of trojanized apps spread via the Google Play Store has been observed distributing the notorious Joker malware on compromised Android devices. Joker, a repeat offender, is a class of harmful apps used for billing and SMS fraud that can also perform other actions of the attacker's choosing, such as stealing text messages, contact lists, and device information. Despite Google's continued attempts to scale up its defenses, the apps have been repeatedly reworked to find gaps and slip into the app store undetected. “They’re usually spread on Google Play, where scammers download legitimate apps from the store, add malicious code to them and re-upload them to the store under a different name,” Kaspersky researcher Igor Golovin said in a report published last week. The trojanized apps, taking the place of their removed counterparts, often appear as messaging, health tracking, and PDF scanner apps that, once installed, request permissions to access text messages and notifications, abusing them to subscribe users to premium services.

Analyst Notes

Be aware that while downloading Android software from the Google Play Store might seem safe, threat actors have succeeded in distributing Android malware by trojanizing legitimate apps. Always read the reviews for a mobile app you are installing, check the legitimacy of the developers and the terms of use, and grant only the permissions that are essential for the app to perform its intended functions.