Another day, another batch of Android apps that made it into the Google Play Store—accumulating hundreds of thousands of downloads—with some sneaky malware embedded in their code.
This time around, the malware is called “Joker.” As Aleksejs Kuprins writes over at the cybersecurity company CSIS, this particular malware is designed to silently sign users up for subscription services, something they might not even notice they did unless they’re diligent in checking their monthly credit card statements.
“For example, in Denmark, Joker can silently sign the victim up for a 50 DKK/week service (roughly ~6,71 EUR). This strategy works by automating the necessary interaction with the premium offer’s webpage, entering the operator’s offer code, then waiting for a SMS message with a confirmation code and extracting it using regular expressions. Finally, the Joker submits the extracted code to the offer’s webpage, in order to authorize the premium subscription.”
While Google has since removed the offending apps from the Google Play Store, they managed to rack up more than 472,000 total downloads before their excommunication. If you have any of these apps installed on your own Android phone or tablet—or, worse, you actively use them—it’s time to delete them ASAP.
If you have used any of these apps, it’s worth checking your Google Play account for any unexpected subscriptions, though we doubt you’ll find anything there. Instead, you’ll want to take a peek at your credit card or bank statements as far back as June of this year, which is when the Joker malware started kicking off its latest batch of auto-subscriptions. You might also want to let your contacts know that you were potentially infected, as Joker pilfers your entire contact list and uploads it to a command and control server.
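For readers who audit apps before installing them, here is a defensive triage sketch tied to the behaviour described above (reading SMS confirmation codes, uploading the contact list). It is an added example, not code from CSIS or this article. It reads a decoded, plain-text AndroidManifest.xml; the behaviour-to-permission mapping, the verdict labels and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (not from the article) of described behaviours to permissions.
BEHAVIOURS = {
    "sms_codes": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "network": {"android.permission.INTERNET"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def triage(manifest_xml):
    """Rate an app by which of the described behaviours its permissions allow."""
    perms = requested_permissions(manifest_xml)
    hits = {k: sorted(perms & v) for k, v in BEHAVIOURS.items() if perms & v}
    if {"sms_codes", "network"} <= hits.keys():
        # SMS access plus network is enough to confirm a subscription silently;
        # contact access on top matches the contact-list upload described above.
        verdict = "high" if "contacts" in hits else "medium"
    else:
        verdict = "low"
    return {"verdict": verdict, "hits": hits}

# Constructed sample manifests (hypothetical package names).
WALLPAPER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application/>
</manifest>"""

FLASHLIGHT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""
```

Legitimate messaging apps request the same permissions, so a "high" verdict is a prompt to ask why this particular app needs them, not proof of infection.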