科技创新!
'Joker' malware secretly charges Android owners' credit cards
This new Android malware may be the most twisted yet.
An interesting new type of malware has been uncovered, coded within two dozen Android apps that have accumulated hundreds of thousands of downloads in the Google Play store.
Android users who downloaded any of the apps embedded with this malware, dubbed “the Joker,” will need to check their credit card bills. Joker’s purpose, once deployed, is to sign up its victims to subscription services without their knowledge or consent. This new malware was first detected by CSIS Security Group malware analyst Aleksejs Kuprins, who has been monitoring the malicious code and penned a detailed analysison Joker.
SEE ALSO: Here’s how malicious Android apps are sneaking malware onto your phoneAccording to Kuprins, the malware “delivers a second stage component, which silently simulates the interaction with advertisement websites, steals the victim’s SMS messages, the contact list and device info.” Basically, any user that was infected by Joker possibly had their phone’s texts and contact list stolen, too.
But the simulated interactions are where Joker gets a bit more twisted.
“The automated interaction with the advertisement websites includes simulation of clicks and entering of the authorization codes for premium service subscriptions,” writes Kuprins. “For example, in Denmark, Joker can silently sign the victim up for a 50 DKK/week service (roughly ~6,71 EUR). This strategy works by automating the necessary interaction with the premium offer’s webpage, entering the operator’s offer code, then waiting for a SMS message with a confirmation code and extracting it using regular expressions. Finally, the Joker submits the extracted code to the offer’s webpage, in order to authorize the premium subscription.”
According to Lifehacker, the list of apps harboring the Joker malware include Advocate Wallpaper, Age Face, Altar Message, Antivirus Security - Security Scan, Beach Camera, Board picture editing, Certain Wallpaper, Climate SMS, Collate Face Scanner, Cute Camera, Dazzle Wallpaper, Declare Message, Display Camera, Great VPN, Humour Camera, Ignite Clean, Leaf Face Scanner, Mini Camera, Print Plant scan, Rapid Face Scanner, Reward Clean, Ruddy SMS, Soby Camera, and Spark Wallpaper.
Kuprins says that in total, the 24 apps racked up more than 472,000 downloads in the Google Play store. The apps have since been removed. If a user has any of those apps on their phone, they should be deleted.
According to the report, the current iteration of Joker malware campaign appears to go back as far as June of this year. Kuprins notes that Google removed the apps before his security firm reached out to the company, so it appears that the tech giant has been monitoring the situation as well.
Malwarehas longbeen a problemplaguing Android devices. Facebook has even gone so far as to file a lawsuitlast month against one developer, whose malware-ridden Android app engaged in click fraud on the social media company’s ad network.
While other recent Android-targeted malware campaigns have had broaderreach, such as “Agent Smith,”which has infected 25 million devices, Joker’s automated subscription attack certainly makes it among the more interesting.
Featured Video For You
The computer worm that changed the world
友链
外链
互链
Copyright © 2023 Powered by
'Joker' malware secretly charges Android owners' credit cards-款曲周至网
sitemap
文章
783
浏览
93947
获赞
1166
热门推荐
Here's why everyone's mad about Kylie Jenner's new walnut scrub
Kylie Jenner announced her new skincare line, Kylie Skin, on Tuesday. The collection includes six prNetflix for Android can now download your favorite shows automatically
Netflix is making it easier to keep track of your favorite shows.Today, the company announced it wilThe Notes app: Where our weirdest, purest selves reside
This isOde To..., a weekly column where we share the stuff we're really into in hopes that you'll beU.S. officials say Russian hackers infiltrated electric utilities
No need to panic, folks! Just Russian hackers claiming "hundreds of victims" to infiltrate U.S. elecGood news everyone, Logan Paul doesn't actually think the Earth is flat
Logan Paul is many things, but thankfully he is not a flat Earther. In a 50-minute, 2-second mockume'Superstars of STEM' want to engage more women in science and here's how
Superstars of STEMis a new program by Science and Technology Australia that aims to smash the stereoLawmakers send bipartisan letter to Google asking it to end partnership with Huawei
Google's got mail.Lawmakers from the Senate and House sent a letter today to Google boss Sundar PichU.S. Defense Department developing tools to catch deepfakes
The U.S. Defense Department is already preparing itself for the fight against deepfakes, fake audioArtists on Twitter are drawing their favorite shipping dynamics for this new meme
Once you've binge-watched enough Netflixshows, you start to see a pattern in the characters you getAmazon boss Jeff Bezos was the richest person in modern history today
Jeff Bezos, the Amazon founder and chief executive, is certainly having a happy Prime Day today.AccoAll dads should carry around their daughter's fugly doll, like this tough guy
It sucks when dads are praised as heroes for doing the stuff mums do every day. So instead of sayingFrom iPhone 9 to iPhone XS: What will Apple call the 2018 iPhones?
Let me blow your mind with this rumor: Apple is going to unveil new iPhones in the fall.Yes, that weTim Cook calls out 'senseless killing' of George Floyd in WWDC opening remarks
Tim Cook took the stage this morning at Apple's Steve Jobs Theater in Cupertino, California to talkThe DNC just served Wikileaks with a lawsuit over Twitter
Wikileaks just got served with a tweet.On Friday, the law firm representing the Democratic NationalThe next Russian attack on U.S. elections could be more serious than Facebook memes
This is not a drill. Nor, alas, is it the fever dream of a Cold War hack novelist, as much as it sou