The Joker Android malware operators have continuously managed to slip spyware infected apps onto the Play Store, which is Google’s official Android app store. Android applications infected with the Joker malware have been tracked since 2017 and were originally designed to perform SMS fraud. However, the Joker operators have now switched to new tacts after Google reformed Play Store policies to prevent malicious apps from becoming available.
Joker malware has updated to be used for a type of mobile billing fraud known as troll fraud. This new tactic allows Joker’s operators to use malicious apps to trick victims into buying various types of content via their mobile phone bill. The new variant successfully slipped into the Play Store and infected Andriod users through hiding the payload, allowing the malware to avoid detection when being analyzed during the submission process. Check Point researchers found and reported 11 apps infected with the malware, resulting in their removal.
Read More: Joker Android malware keeps evading Google Play Store defenses