
Android malware is becoming increasingly prevalent as more and more users come online. Making things worse, the Joker malware is an infamous example of Android malware, which can spread undetected via the Google Play Store. With malware like the Joker, people's sensitive data can be stolen, victims can have their privacy compromised, and they can be signed up for premium services without their consent or knowledge.

"Joker is well known for changing its tactics to bypass the Google Play store vetting process. This time we saw Joker using URL shortener services to retrieve the first level of payload. Unlike the previous campaign where the payloads were retrieved from the Alibaba Cloud, in this campaign we saw the Joker-infected apps download the mediator payload with URL shortener services like TinyURL, bit.ly, Rebrand.ly, zws.im or 27url.cn to hide the known Cloud service URLs serving stage payloads."

In other words, the malicious actors behind the malware have given the Joker some new tricks up its sleeve.

Things go beyond that, as the Joker malware payloads can also abuse the notification access functionality. Once installed, the malware prompts for notification access. Giving it access will allow the malware to potentially read all notifications posted by the device and any other installed apps. Once these settings have been allowed by the user, the malware has the control it needs to carry out its malicious activities.

Among the 11 apps, the app Font Style Keyboard was found to incorporate new changes from the older payloads. And unlike previous Joker campaigns, the app has a stage payload that is also doing command and control communication.
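The two behaviours described above, requesting notification-listener access and fetching payloads through URL shorteners, can both be spotted during static triage of a decoded APK. The script below is an added example written for this article, not code from the article or from any vendor report; the manifest snippet, package name and URL strings are constructed samples, and the shortener domain list is taken from the quoted text and is not exhaustive.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
# Shortener domains named in the article (illustrative list, not exhaustive).
SHORTENER_DOMAINS = {"tinyurl.com", "bit.ly", "rebrand.ly", "zws.im", "27url.cn"}
# Permission a NotificationListenerService must declare to be bound by the system.
LISTENER_PERMISSION = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

# Constructed sample of a decoded AndroidManifest.xml (not a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sampleapp">
  <application>
    <service android:name=".NotifSvc"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed strings, as a strings dump of the APK's dex/resources might yield.
SAMPLE_STRINGS = [
    "https://fonts.example.org/themes/list.json",
    "https://tinyurl.com/EXAMPLE-PLACEHOLDER",
    "http://bit.ly/EXAMPLE-PLACEHOLDER",
]

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

def notification_listener_services(manifest_xml: str) -> list[str]:
    """Return names of services that ask to be bound as notification listeners."""
    root = ET.fromstring(manifest_xml)
    return [svc.get(f"{{{ANDROID_NS}}}name", "?") for svc in root.iter("service")
            if svc.get(f"{{{ANDROID_NS}}}permission") == LISTENER_PERMISSION]

def shortener_urls(strings: list[str]) -> list[str]:
    """Return embedded URLs whose host is a known URL shortener."""
    hits = []
    for s in strings:
        m = URL_RE.search(s)
        if m and m.group(1).lower() in SHORTENER_DOMAINS:
            hits.append(s)
    return hits

def triage(manifest_xml: str, strings: list[str]) -> dict:
    """Flag for analyst review when both indicators are present together."""
    listeners = notification_listener_services(manifest_xml)
    urls = shortener_urls(strings)
    return {"listener_services": listeners, "shortener_urls": urls,
            "review": bool(listeners) and bool(urls)}

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_STRINGS))
```

Either indicator alone is common in legitimate apps (keyboards and companion apps legitimately read notifications, and shortened links appear in help text), so the combination is a triage signal for manual review, not a verdict.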
