Android users, it’s time to buckle up, no more business as usual! The Joker Virus is out again. It has been identified as a dangerous virus that silently empties victim’s bank accounts. In a statement by Belgian authorities, Joker was referred to as a “malicious program”. The Belgian Police have warned about the return of the ‘Joker’ virus, which attacks Android devices and hides in various applications on the Google Play Store. This malware has been described as capable of subscribing users to paid services without their knowledge and emptying their bank accounts without them noticing. The last time we heard about it was back in June when it was found in 8 Android apps on Play Store which has now been removed by Google.
Joker is one of the most persistent malware that continually targets Android devices. It was first detected in the year 2017. According to a researcher at Quick Heal, Joker steals users ‘data, including SMS, contact list, device info, OTPs, and more. “You risk a big surprise at the end of the month in your bank account or on your credit card,” said the Belgian police, warning of the app as it subscribes the affected Android user to paid services without them getting to know. In fact, it is very common for those affected by the ‘Joker Virus’ to become unaware of the theft until they review their account statement in detail. Usually, this is because the bank does not suspect an apparently ‘normal’ subscription and, generally, the charges are so small that they are not detected as unusual movements, so they do not even send a usage alert to the account holder.
Not too long ago, the Joker was detected in 24 Android applications that are available on the Google Play Store. The worst part? Over 500,000 devices had downloaded the infected applications before Google began removing them in September 2020. It was estimated that time to have affected users’ in more than 30 countries including the United States, Brazil, and Spain. Through unauthorized subscriptions, hackers could steal up to $7 per subscription weekly, a figure that has most likely increased in recent months.
The ‘Joker’ Trojan virus belongs to a family of malware known as Bread, the objective of this malware remains to hack cell phones and authorize operations without the user’s consent. Since the beginning, apps infected with ‘Joker’ or another Malware from this family carried out fraud via SMS, but then began to attack online payments. These two techniques take advantage of the integration of telephone operators with vendors, to facilitate the payment of services with the mobile bill. Both require verification of the device, but not the user, thus they manage to automate payments without requiring any user interaction.
Some of the harmful applications that the Google Play Store identified to have contained the ‘Joker’ virus and eliminated after detecting are Auxiliary Message, Element Scanner, Fast Magic SMS, Free CamScanner, Go Messages, Super Message, Super SMS, and Travel Wallpapers. The cybersecurity company Zscaler, cited by La Razón, made public names of 16 other apps that, according to their analysis, also contain this malicious code: Private SMS, Hummingbird PDF Converter – Photo to PDF, Style Photo Collage, Talent Photo Editor – Blur focus, Paper Doc Scanner, All Good PDF Scanner, Care Message, Part Message, Blue Scanner, Direct Messenger, One Sentence Translator – Multifunctional Translator, Mint Leaf Message-Your Private Message, Unique Keyboard – Fancy Fonts & Free Emoticons, Tangram App Lock, Desire Translate and Meticulous Scanner
Of course, the recommendation right now for Android users is to check if they have any of these apps installed on their smartphone and delete them immediately since the fact that they are deleted from the Google Play Store means automatic uninstallation from the computers where they were downloaded. In all, ensure none of these apps are installed on your phone, and you’re good to go.