Security News > 2020 > September > Google removes 17 Android apps designed to deploy Joker malware
The Joker malware has been a persistent thorn in Google's side as it keeps popping up in shady apps to infect users of the Google Play store.
Google has long been locked in a battle with cybercriminals who create and submit malicious apps to the Play store that somehow sneak past the company's protections.
One especially pervasive and problematic piece of malware is the one dubbed Joker, aka Bread. In the latest round, Google was forced to put the kibosh on 17 malicious apps uploaded in September that tried to infect unsuspecting users with the Joker malware.
In some infected Android apps, a two-stager payload is used to download the final payload. In this latest instance, the infected apps used a multilayered approach by downloading the stage one payload, which downloaded the stage two payload, which finally loaded the Joker payload. In this case, the infected apps contacted the C&C server for the stage one payload URL, which was hidden in the response header.
Though Google removed the apps in question, the company continues to face a challenge from the Joker malware as it keeps evolving to evade the Google Play Protect security built into the app store.
News URL
Related news
- Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection (source)
- Google brings better bricking to Androids, to curtail crims (source)
- TrickMo malware steals Android PINs using fake lock screen (source)
- Fake Google Meet conference errors push infostealing malware (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)