New Fraud Billing Applications Downloaded by 75000 users from Play Store!

Security researchers have spotted a new billing-fraud scheme in which malicious applications hijack SMS notifications. The applications have targeted users located in Southwest Asia and the Arabian Peninsula, and more than 700,000 users have downloaded them.

The experts also said that these applications pose as photo editors, wallpapers, keyboard skins, camera-related apps, and puzzles. Once a user downloads one of these applications, the malware embedded in the fake application steals the user's SMS notifications, and the hackers use them to make unauthorized purchases.

The malware is named Joker. It has repeatedly been reported sneaking past Google Play's defenses over the past four years, which has resulted in Google removing 1700 infected applications from the Play Store. The malware behind the fraud is capable of stealing SMS messages, the contact list, and device information. It also typically uses a technique called versioning, which refers to uploading an application and then adding the malicious code through various updates.

The additional code injected in the first-stage payload is a seemingly innocuous PNG file; it also connects to a command-and-control server to retrieve the secret key that is used to decrypt the file into the loader. After that, another encrypted payload is decrypted to install the malware.

According to the investigators, the C2 servers also revealed users' personal information, including phone number, SMS messages, IP address, network status, carrier details, and more.

List of Applications that Spread Malware

The experts also shared a list of nine applications that spread this malware:

  • Keyboard Wallpaper (com.studio.keypaper2021)
  • 2021 Wallpaper and Keyboard (org.my.favorites.up.keypaper)
  • Picture Editor (com.ce1ab3.app.photo.editor)
  • PIP Camera (com.hit.camera.pip)
  • Barber Prank Hair Dryer, Clipper and Scissors (com.super.color.hairdryer)
  • Keyboard Wallpaper (com.daynight.keyboard.wallpaper)
  • Pop Ringtones for Android (com.super.star.ringtones)
  • Cool Girl Wallpaper/SubscribeSDK (cool.girly.wallpaper)
  • PIP Photo Maker (com.pip.editor.camera)

Summing Up

Users who have downloaded these applications are requested to check for unwanted activity or transactions. Users should also verify that applications do not take any suspicious permissions that may leak user data. Check the permissions requested by an application carefully and scrutinize applications before they are downloaded or executed on the device.
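One way to carry out the check described above on a device you manage, as an added example that is not from the researchers' report: it parses the text output of `adb shell pm list packages` and `adb shell dumpsys package <name>`, flags the nine package names listed on this page, and flags any app requesting SMS, contact or phone-state permissions. The choice of permissions, the sample input and the `com.example.*` names are assumptions of this example.

```python
# Package names copied from the list on this page.
LISTED = {
    "com.studio.keypaper2021", "org.my.favorites.up.keypaper",
    "com.ce1ab3.app.photo.editor", "com.hit.camera.pip",
    "com.super.color.hairdryer", "com.daynight.keyboard.wallpaper",
    "com.super.star.ringtones", "cool.girly.wallpaper", "com.pip.editor.camera",
}
# Assumption of this example: permissions covering the data the article says
# is taken (SMS, contacts, device information).
SENSITIVE = {
    "android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS", "android.permission.READ_PHONE_STATE",
}

def installed_packages(pm_output):
    """Parse `adb shell pm list packages` output ('package:<name>' lines)."""
    return {line.strip()[len("package:"):] for line in pm_output.splitlines()
            if line.strip().startswith("package:")}

def requested_permissions(dumpsys_output):
    """Read the 'requested permissions:' block of `dumpsys package <name>`."""
    perms, in_block = set(), False
    for line in dumpsys_output.splitlines():
        text = line.strip()
        if text == "requested permissions:":
            in_block = True
        elif in_block and text.endswith(":"):
            break  # next section header, e.g. 'install permissions:'
        elif in_block and text:
            perms.add(text.split(":")[0])
    return perms

def audit(pm_output, dumpsys_by_package):
    """Return packages to review: listed on this page or asking for SENSITIVE."""
    findings = {}
    for pkg in installed_packages(pm_output):
        perms = requested_permissions(dumpsys_by_package.get(pkg, "")) & SENSITIVE
        if pkg in LISTED or perms:
            findings[pkg] = {"listed": pkg in LISTED, "sensitive": sorted(perms)}
    return findings

# Constructed sample input; com.example.* names are hypothetical.
SAMPLE_PM = "package:com.android.settings\npackage:com.hit.camera.pip\npackage:com.example.flashlight\n"
SAMPLE_DUMPSYS = {"com.example.flashlight": (
    "    requested permissions:\n      android.permission.INTERNET\n"
    "      android.permission.READ_SMS\n    install permissions:\n"
    "      android.permission.INTERNET: granted=true\n")}

if __name__ == "__main__":
    for pkg, info in sorted(audit(SAMPLE_PM, SAMPLE_DUMPSYS).items()):
        print(pkg, info)
```

A permission hit is a prompt for review, not a verdict: the device's own messaging and dialer apps legitimately request the same permissions.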

The experts are working to identify how the Joker operators repeatedly embed the malware in applications and get them listed on the Google Play Store, even after being caught multiple times, and how these applications work.