Security News

The U.S. Department of Justice (DoJ) has announced charges against two Russian nationals for operating billion-dollar money laundering services for cybercriminals, including ransomware groups. [...]

Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace. "Instead of waiting for apps to gain a specified volume of installs and reviews before swapping for a malware-laced version, the Joker developers have taken to hiding the malicious payload in a common asset file and package application using commercial packers," the researchers explained the new tactic adopted by the persistent malware to bypass detection.

A new set of trojanized apps spread via the Google Play Store has been observed distributing the notorious Joker malware on compromised Android devices. Despite continued attempts on the part of Google to scale up its defenses, the apps have been continually iterated to search for gaps and slip into the app store undetected.

A malicious Android app with more than 500,000 downloads from the Google Play app store has been found hosting malware that stealthily exfiltrates users' contact lists to an attacker-controlled server and signs up users to unwanted paid premium subscriptions without their knowledge. The latest Joker malware was found in a messaging-focused app named Color Message, which has since been removed from the official app marketplace.

The Joker malware is back again on Google Play, this time spotted in a mobile application called Color Message. Joker apps subscribe victims to unwanted, paid premium services controlled by the attackers - a type of billing fraud that researchers categorize as "Fleeceware." Often, the victim is none the wiser until the mobile bill arrives.

Joker has been around since 2017, disguising itself within common, legitimate apps like camera apps, games, messengers, photo editors, translators and wallpapers. Once installed, Joker apps silently simulate clicks and intercept SMS messages to subscribe victims to unwanted, paid premium services controlled by the attackers - a type of billing fraud that researchers categorize as "Fleeceware." The apps also steal SMS messages, contact lists and device information.

Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web. Also known as Bread, the Joker Trojan was first observed in 2017 when it was originally focused on SMS fraud.

More than 500,000 Huawei users have downloaded from the company's official Android store applications infected with Joker malware that subscribes to premium mobile services. These ten apps were downloaded by more than 538,000 Huawei users, Doctor Web says.

2020 turned out to be a tough year for Joker's Stash. Gemini Advisory, a New York City-based company that monitors underground carding shops, tracked a "Severe decline" in the volume of compromised payment card accounts for sale on Joker's Stash over the past six months.

Joker's Stash, a large underground marketplace for stolen payment card data, has announced plans to shut down operations on February 15, 2021. The representatives of the carding service pointed out that, although the marketplace has become highly popular, the team is getting a "Well-deserved retirement."