Android: The New Alert That Targets Many People's Phones

Android is once again at the center of a serious alert affecting the phones of many people around the world. Google has again removed from the Google Play Store a number of dangerous applications containing the Joker malware, which was discovered quite some time ago and has proved to be a big problem for some people's accounts.

Android was affected by this problem a few months ago as well, and it is back in the spotlight because applications infected with the Joker malware have reappeared in the Google Play Store. No fewer than 11 such applications were discovered by an IT security company, which detected them after they had already been installed several tens of thousands of times on Android phones.

Hackers use this malware to subscribe Android users to expensive online services without their knowledge. It is also designed to intercept the SMS messages and notifications that arrive on Android phones, so that victims do not notice when the charges for these very expensive services start to be withdrawn from their accounts.

“Despite public awareness of this particular malware, it continues to find its way into the official Google app market using changes in its code, execution methods, or payload retrieval techniques. Unlike the previous campaign where payloads were retrieved from Alibaba Cloud, in this campaign we saw Joker-infected apps download the mediator payload with URL shortening services such as TinyURL, bit.ly, Rebrand.ly, zws.im or 27url.cn to hide known cloud service URLs serving stage payloads”

This time the hackers are using a different delivery method: the malicious code is no longer distributed through Alibaba's cloud infrastructure but through very popular URL shorteners. This makes it even harder to identify those behind the attack, which has caused a lot of trouble so far, but the good news is that Google has removed the 11 applications found to contain this malware.
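A defender-side check for the technique described above, as an added example that is not from the original article or the quoted report: it scans strings extracted from an app for URLs that point at the shortener services named in the quote. The host `tinyurl.com` for TinyURL, the function names and the sample strings are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Shortener hosts named in the quoted report ("tinyurl.com" assumed for TinyURL).
SHORTENER_HOSTS = {"tinyurl.com", "bit.ly", "rebrand.ly", "zws.im", "27url.cn"}

URL_RE = re.compile(r"https?://[^\s\"'<>\\]+", re.IGNORECASE)


def shortener_host(url):
    """Return the matching shortener domain for url, or None."""
    try:
        host = urlsplit(url).hostname  # lower-cased, port and userinfo stripped
    except ValueError:
        return None
    if not host:
        return None
    host = host.rstrip(".")  # tolerate a fully qualified trailing dot
    for domain in SHORTENER_HOSTS:
        # Exact host or a subdomain; "notbit.ly" and "bit.ly.example.com" must not match.
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def find_shortener_urls(strings):
    """Scan strings (e.g. dumped from an app's DEX files) for shortener URLs."""
    hits = []
    for s in strings:
        for url in URL_RE.findall(s):
            url = url.rstrip(".,;)")  # drop trailing sentence punctuation
            domain = shortener_host(url)
            if domain:
                hits.append((domain, url))
    return hits


# Constructed sample strings, not taken from any real app.
SAMPLE_STRINGS = [
    "config_url=https://BIT.LY:443/xxxxxxx",
    "see https://developer.android.com/guide for docs",
    "http://notbit.ly/abc",
    "fallback http://user@www.tinyurl.com/yyyyyyy.",
    "https://zws.im.example.com/zzz",
    "https://27url.cn./q1",
]

if __name__ == "__main__":
    for domain, url in find_shortener_urls(SAMPLE_STRINGS):
        print(f"{domain:12} {url}")
```

A hit is only a triage signal, since legitimate apps also embed shortened links; it marks which apps deserve a closer look at what the link resolves to.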

Android does not have any protection method implemented by Google against this type of malware, so only users can protect themselves against attacks of this kind.