Security News > 2020 > July > Joker Malware Apps Once Again Bypass Google's Security to Spread via Play Store

In a report published by Check Point research today, the malware - infamously called Joker - has found another trick to bypass Google's Play Store protections: obfuscate the malicious DEX executable inside the application as Base64 encoded strings, which are then decoded and loaded on the compromised device.
"The Joker malware is tricky to detect, despite Google's investment in adding Play Store protections," said Check Point's Aviran Hazum, who identified the new modus operandi of Joker malware.
Campaigns involving Joker gained more foothold last year, with a number of malware-infected Android apps uncovered by CSIS Security Group, Trend Micro, Dr.Web, and Kaspersky, repeatedly finding unique ways to exploit gaps in Play Store security checks.
"As the Play Store has introduced new policies and Google Play Protect has scaled defenses, Bread apps were forced to continually iterate to search for gaps," Android's Security & Privacy Team said earlier this year.
As of January 2020, Google has removed more than 1,700 apps submitted to the Play Store over the past three years that had been infected with the malware.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/XH6GIqWnLaE/joker-android-mobile-virus.html
Related news
- Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- Why The Modern Google Workspace Needs Unified Security (source)
- Google paid $12 million in bug bounties last year to security researchers (source)
- Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security (source)
- Google to purchase Wiz for $32 billion in cloud security play (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)