Google removes 17 Android apps designed to deploy Joker malware
The Joker malware has been a persistent thorn in Google's side as it keeps popping up in shady apps to infect users of the Google Play store.
Google has long been locked in a battle with cybercriminals who create and submit malicious apps to the Play store that somehow sneak past the company's protections.
One especially pervasive and problematic piece of malware is the one dubbed Joker, aka Bread. In the latest round, Google was forced to put the kibosh on 17 malicious apps uploaded in September that tried to infect unsuspecting users with the Joker malware.
In some infected Android apps, a two-stage downloader is used to fetch the final payload. In this latest instance, the infected apps used a multilayered approach: they downloaded the stage one payload, which downloaded the stage two payload, which finally loaded the Joker payload. The infected apps contacted the C&C server for the stage one payload URL, which was hidden in the response header.
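A defender reviewing captured app traffic can look for this pattern by flagging URLs that appear in response headers where none is expected. The following is an added example, not code from the article or from Google. The header allow-list, the rule that `Location` is only expected on 3xx or 201 responses, and the sample responses are assumptions constructed for illustration.

```python
import re

# Standard headers that legitimately carry URLs (assumed allow-list; tune per environment).
URL_HEADERS = {"content-location", "link", "refresh", "report-to",
               "content-security-policy", "access-control-allow-origin"}
URL_RE = re.compile(r"https?://[^\s\"'<>;,]+", re.IGNORECASE)

def parse_response_head(raw):
    """Split a raw HTTP/1.x response into (status_code, [(name, value), ...])."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    lines = head.splitlines()
    try:
        status = int(lines[0].split()[1])
    except (IndexError, ValueError):
        status = 0  # malformed or missing status line
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return status, headers

def suspicious_header_urls(raw):
    """Return (header, url) pairs for URLs found in headers that should not carry one."""
    status, headers = parse_response_head(raw)
    findings = []
    for name, value in headers:
        key = name.lower()
        if key == "location":
            # Heuristic: Location is expected only on redirects and 201 Created.
            if 300 <= status < 400 or status == 201:
                continue
        elif key in URL_HEADERS:
            continue
        findings.extend((name, url) for url in URL_RE.findall(value))
    return findings

# Constructed sample responses (not taken from real traffic).
SAMPLES = {
    "benign_redirect": "HTTP/1.1 302 Found\r\nLocation: https://cdn.example.com/cfg.json\r\n\r\n",
    "custom_header": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                     "X-Cache-Key: http://stage1.example.net/a.bin\r\n\r\nok",
    "location_on_200": "HTTP/1.1 200 OK\r\nLocation: http://stage1.example.net/b.bin\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, suspicious_header_urls(raw))
```

Hits from this check are leads for triage rather than verdicts, since some legitimate services also place URLs in custom headers.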
Though Google removed the apps in question, the company continues to face a challenge from the Joker malware as it keeps evolving to evade the Google Play Protect security built into the app store.