The Joker malware, which stole money from people’s account by signing them up for premium subscriptions, is back on the Google Playstore, just months after Google said it won against the malware after a three-year-long fight. It’s one of the most persistent threats plaguing the popular app store, according to Google, and now it’s back.
A report from cybersecurity firm Check Point claims new variants of the malware, termed Joker Dropper and Premium Dialer Spyware was spotted in Google Play. The spyware made a comeback, by following old techniques used by PC malware to avoid detection.
The updated version of the Joker malware was reportedly able to download additional malware to the device after the infected apps were installed. The threat is the same as before — The malware subscribes you to premium services without the user’s knowledge.
The firm claims they have found 11 such seemingly legitimate apps that house the virus. The virus reportedly hides in the ‘essential information’ file every Android app compulsorily needs to have.
The report also attacked the Google PlayStore for not doing enough. “We were able to detect numerous cases of Joker uploads on a weekly basis to Google Play, all of which were downloaded by unsuspecting users. The Joker malware is tricky to detect, despite Google’s investment in adding Play Store protections,” a spokesperson for Check Point told TOI.
Google has rolled out Google Play Protect to devices that run on Google services to offer real-time protection against threats from apps downloaded from Google Playstore.