Joker malware returns to target millions more Android devices

The notorious Joker malware has once again found its way into the official Google Play Store by making subtle tweaks to get past automated checks, reports have claimed.

The Joker family of malware has been infecting apps on Google's Play Store for the last few years, and has even cropped up on other prominent app stores such as Huawei’s.  

“Despite awareness of this particular malware, it keeps finding its way into Google’s official application market by employing changes in its code, execution methods, or payload-retrieving techniques,” suggest researchers from cloud security firm Zscaler.

Zscaler suggests that the Joker spyware is designed to steal SMS messages, contact lists, and device information and will also silently sign up victims to premium wireless application protocol (WAP) services.

Stay vigilant 

Zscaler's team has had its eye on Joker for some time now, and was recently alerted by a spate of uploads on the Play Store. After verifying the presence of the malware, the researchers alerted the Google Android Security team, which promptly removed over a dozen suspicious apps flagged by the researchers.

In their analysis of this latest Joker strain, Zscaler notes that the malware employs three different tactics to bypass Google Play’s vetting process.

One involves directly embedding the URL of the command and control (C2) server in the code itself, masking it with string obfuscation. The other techniques involve downloading one or two stager payloads, whose URLs are AES encrypted to make them illegible.

In all three cases, the final payload is the malicious code, which employs DES encryption to carry out its spyware activities.

Given the ease with which the malware managed to sneak past Google’s filters, the researchers advise users to stay alert and always pay close attention to the permissions sought by the apps they want to install, keeping their eyes peeled for “risky permissions” related to messages, call logs, contacts, and other sensitive areas on the device.
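The permission check the researchers recommend can also be run over an app's decoded manifest. The following is an added example, not code from Zscaler or the original article: the category grouping, the function name `audit_manifest` and the sample manifest are assumptions made for illustration, and the input is assumed to be an `AndroidManifest.xml` already decoded to plain text.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Grouping chosen for this example; the permission names are standard Android ones.
RISKY = {
    "messages": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS", "RECEIVE_MMS",
                 "RECEIVE_WAP_PUSH"},
    "call logs": {"READ_CALL_LOG", "WRITE_CALL_LOG", "PROCESS_OUTGOING_CALLS"},
    "contacts": {"READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS"},
    "device information": {"READ_PHONE_STATE", "READ_PHONE_NUMBERS"},
}


def audit_manifest(manifest_xml):
    """Return {category: sorted permission names} for risky permissions requested."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    # uses-permission-sdk-23 requests the permission on Android 6.0+ only.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            prefix, _, short = name.rpartition(".")
            if prefix == "android.permission":
                requested.add(short)
    findings = {}
    for category, perms in RISKY.items():
        hits = sorted(perms & requested)
        if hits:
            findings[category] = hits
    return findings


# Constructed sample: a hypothetical wallpaper app asking for far more than it needs.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_WAP_PUSH"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_PHONE_STATE"/>
</manifest>
"""

if __name__ == "__main__":
    for category, perms in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{category}: {', '.join(perms)}")
```

A finding is a prompt for review, not a verdict: the question is whether the app's stated purpose justifies the access it requests.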

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.