Security News
A new variant of the infamous Joker malware has once again made it onto Google Play, with Google removing 11 malicious Android applications from its official app marketplace, researchers disclosed Thursday. "The Joker malware is tricky to detect, despite Google's investment in adding Play Store protections. Although Google removed the malicious apps from the Play Store, we can fully expect Joker to adapt again. Everyone should take the time to understand what Joker is and how it hurts everyday people."
Always a thorn in Google's side, the Joker malware arrived as a new variant a few months ago and evaded Google Play Protect to infect legitimate apps and sign people up to premium services. Check Point researchers disclosed its findings to Google, which removed 11 identified apps from Google Play by April 30, 2020.
In a report published by Check Point research today, the malware - infamously called Joker - has found another trick to bypass Google's Play Store protections: obfuscate the malicious DEX executable inside the application as Base64 encoded strings, which are then decoded and loaded on the compromised device. "The Joker malware is tricky to detect, despite Google's investment in adding Play Store protections," said Check Point's Aviran Hazum, who identified the new modus operandi of Joker malware.
Indian banks are once again facing a fraudster field day as more stolen payment card data appears for sale on cybercrime markets. Three months after a massive batch of card data that traced to Indian banks appeared on the notorious Joker's Stash cybercrime marketplace, a fresh "Dump" of data is being offered for sale.
Joker was the hottest film among cybercriminals with 304 malicious files named after Batman's arch-nemesis, says security firm Kaspersky. Looking at malware inspired by the Oscars, researchers at Kaspersky discovered more than 20 phishing websites and 925 malicious files that were presented as free movies.
Tom: Well, yeah, I will say that in a situation when you have a zero day or you have an unpatched vulnerability, I could make an argument that it is irresponsible and you know the disclosure of a PoC might be better suited for a bad channel as opposed to a chest-beating researcher who just wants some fame and maybe not so much fortune. I think it was called Cable Haunt and it was in multiple cable modems that are used by ISPs to provide broadband into homes so you know what's going on there?
Google has removed 17,000 Android apps to date from the Play store that have been conduits for the Joker malware - and in an analysis of the code, said that Joker's operators have "At some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected." The internet giant said that having three or more active variants of Joker in circulation at the same time using different approaches or targeting different carriers is the norm; and at peak times of activity, up to 23 different apps from the Joker family have been submitted to Play in one day.
Fraudsters Invited to Dine Out on 460,000 Stolen Turkish Payment CardsThe notorious Joker's Stash carding forum has recently listed for sale 460,000 records, including never-before-seen payment...
Carder Forum Listing Appears Tied to Breaches at Four Restaurant ChainsThe notorious Joker's Stash carder marketplace has a fresh listing for payment card data that appears to have been stolen...
1.3 million stolen cards, mostly from India, could fetch $130 million for the cybercrooks.