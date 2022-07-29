According to an analysis by ESET, a cyber threat detection company, a virus for smartphones with operating system has gained popularity. This is Joker, also known as Bread, which has been active since 2017 and stands out for its ability to bypass Google Play’s security mechanisms and reach the official Android store under different types of applications.

This malware, categorized as spyware, intercepts SMS messages reaching a victim’s device, subscribes to premium services and spreads unwanted advertising. Between April and June 2022, several applications were removed from Google Play for having received complaints for containing this type of trojan.

One of the last apps to be removed from the platform was the PDF Reader Scanner, which had already been downloaded by more than five thousand users. According to ESET data, variants of this malware were found hidden in this application in several countries, including Latin America.

In addition to PDF Reader Scanner, so far in 2022, there are constant reports of applications available on Google Play distributing this virus. On Twitter, dozens of malicious apps have been reported in recent months, some registering up to 10,000 downloads. One of the reasons Joker continues to break through Google Play’s security barriers is because cybercriminals have been looking for new techniques.

Which apps spread the virus

According to ESET, there are at least 20 apps that distribute the Joker virus via apps on Google Play. Most have already been removed from the official store. Check out:

All QRCode Scanner

PDF Scanner Reader

Wow Translator

Rainy Day Wallpaper

Neon Live Wallpaper

Plenty Emoji Messages

Cute Photo Editor

All Wallpaper SMS

All Photo Translator

Smart CMM Launcher

CamHipro

Cool Messages

Sketch Photo Editor

Blood Sugar Log

Bubble Message

Create Photo Stickers

Shining Live Wallpaper

Toy Blast Star-Falcon

RGB Emoji Keyboard

Camera Translator Pro

Each of the apps performs additional functions on the phone, such as QR Code readers, wallpaper, camera add-ons, emojis for messaging apps, and more.

In addition to fulfilling their promised function, they also downloaded malicious content, allowing attackers to perform actions in the background without the victim noticing. Accessing the contact list, sending SMS messages and subscribing to premium services are examples of things cybercriminals can do without the victim noticing. In addition to other more advanced features like adding an interface into legitimate apps to steal credit card information.

It is not the first time

In 2020, Google removed over 1,700 apps containing this malware from Google Play. In October 2021 and at the height of the Round 6 series, ESET reviewed a character wallpaper app that distributed Joker and had over 5,000 downloads. This is a clear example of how criminals take advantage of the popularity of certain topics to carry out scams.

ESET advises paying attention to the permissions requested by applications at the time of installation. You may notice that some apps ask for unnecessary permissions, which can alert you to a suspicious intent. It is also advisable to install a reliable security solution on your phone and keep it up to date.

In addition, while the recommendation to download applications only from official stores remains, it is not enough to do just that. It is important to read the comments and ratings that other users have made about the performance of the app, check the number of downloads and who is the developer of the app.

Other malware

In June, according to Check Point’s Threat Index, the most prevalent smartphone viruses were:

AlienBot is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker, as a first step, to inject malicious code into legitimate financial applications. The attacker gains access to victims’ accounts and eventually completely controls the device.

Anubis is a banking Trojan designed for Android smartphones. Since it was initially detected, it has gained additional functions including Remote Access Trojan (RAT) functionality, keylogger, audio recording features, and various ransomware features. It has been detected in hundreds of different apps available on the Google Store.

MaliBot is an Android banking malware that was detected targeting users in Spain and Italy. This malware disguises itself as cryptocurrency mining apps with different names and focuses on stealing financial information, cryptocurrency wallets and more personal data.