
Google removes 17 Android apps designed to deploy Joker malware
2020-09-28 19:51

The Joker malware has been a persistent thorn in Google's side as it keeps popping up in shady apps to infect users of the Google Play store.

Google has long been locked in a battle with cybercriminals who create and submit malicious apps to the Play store that somehow sneak past the company's protections.

One especially pervasive and problematic piece of malware is the one dubbed Joker, aka Bread. In the latest round, Google was forced to put the kibosh on 17 malicious apps uploaded in September that tried to infect unsuspecting users with the Joker malware.

In some infected Android apps, a two-stage payload is used to download the final payload. In this latest instance, the infected apps used a multilayered approach: they downloaded the stage one payload, which downloaded the stage two payload, which finally loaded the Joker payload. The infected apps contacted the C&C server for the stage one payload URL, which was hidden in the response header.
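A defender reviewing proxy or sandbox captures can look for the pattern described above, a URL carried in a response header that has no reason to hold one. The following is an added detection sketch, not code from the article or from Google; the header names, hosts and sample responses are constructed, and the base64 check goes beyond what the article states (it does not say which header was used or whether the value was encoded).

```python
import base64
import binascii
import re

# Headers that legitimately carry URLs; a URL in any other header is worth a look.
URL_HEADERS_ALLOWED = {
    "location", "content-location", "link", "refresh", "report-to", "sourcemap",
    "content-security-policy", "content-security-policy-report-only",
    "access-control-allow-origin",
}
URL_RE = re.compile(r"https?://[^\s\"'<>;,]+", re.IGNORECASE)


def _decoded(value):
    """Yield the value itself, plus its base64 decoding when that is printable ASCII."""
    yield value
    try:
        text = base64.b64decode(value.strip(), validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return
    if text.isprintable():
        yield text


def url_bearing_headers(raw_response):
    """Return (header, url) pairs for URLs found outside the allowlisted headers."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    findings = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() in URL_HEADERS_ALLOWED:
            continue
        for candidate in _decoded(value.strip()):
            for url in URL_RE.findall(candidate):
                findings.append((name.strip(), url))
    return findings


# Constructed sample responses (not captured traffic; hosts are placeholders).
BENIGN = ("HTTP/1.1 302 Found\r\nLocation: https://example.com/login\r\n"
          "Content-Length: 0\r\n\r\n")
SUSPECT = ("HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
           "X-Session-Tag: https://cdn.example.net/stage1.bin\r\n"
           "ETag: aHR0cHM6Ly9jZG4uZXhhbXBsZS5uZXQvczEuYmlu\r\n\r\nok")

if __name__ == "__main__":
    for label, resp in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, url_bearing_headers(resp))
```

The allowlist is a starting point and needs tuning per environment, since some applications place URLs in custom headers for legitimate reasons.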

Though Google removed the apps in question, the company continues to face a challenge from the Joker malware as it keeps evolving to evade the Google Play Protect security built into the app store.


News URL

https://www.techrepublic.com/article/google-removes-17-android-apps-designed-to-deploy-joker-malware/#ftag=RSS56d97e7

Related vendor

VENDOR    #/PRODUCTS    LOW    MEDIUM    HIGH    CRITICAL    TOTAL VULNS
Google    141           994    4922      2873    1623        10412
Android   4             0      17        2       0           19