Batman can’t help you with this “Joker.”
A bad batch of Android apps briefly available in the Google Play store amassed hundreds of thousands of downloads — and they reportedly carry a malware code designed to sign you up for subscription-based services without user knowledge.
The bug, called “Joker,” can easily fly under the radar of those who don’t pay close attention to their bank and credit statements, according to cybersecurity researcher Aleksejs Kuprins at CSIS Security Group.
“So far, we have detected it in 24 apps with over 472,000 installs in total,” Kuprins wrote on CSIS’ Medium blog. He says the virus also “steals the victim’s SMS messages [and] the contact list and device info.”
Kuprins added that a “majority of the discovered apps target the EU and Asian countries,” including China, Brazil, France, United Arab Emirates, Singapore, and the UK, and that most (but not all) of these apps actually avoid US- and Canada-based users.
“Some of the bot’s code comments are written in Chinese, which could be a hint in terms of geographical attribution,” Kuprins wrote.
Google has since removed the infected apps from its store, but those who already purchased and downloaded one of these apps should uninstall immediately, and check your Google Play account and bank accounts for any unfamiliar subscriptions and charges — going as far back as June of this year.
Below is a full list of Joker apps:
Credit: Source link