Joker: Millions of Android phones are infected with horrific malware

Even the most benign-looking Android applications on the Google Play Store can be dangerous, as cybercriminals continue to develop clever methods to bundle malware with popular apps.

According to a 2020 study (PDF) from NortonLifeLock, two-thirds of Android malware has been discovered on Google Play. This makes sense as it is the largest official Android app store and is pre-installed on the best Android phones.

The famous Joker malware has made headlines in the past, but a new blog post from Kaspersky highlights a similar malware strain called Harly, named after the DC villain's on-again, off-again girlfriend.

On the Play Store, more than 190 malicious apps infected with the Harly malware have been discovered. While a conservative figure for the number of times these malicious apps have been downloaded is 4.8 million, the actual figure may be even higher.

Joker malware vs Harly malware

Cybercriminals using the Harly malware to infect Android devices download regular applications from the Play Store, insert malicious code into them, and then upload these new applications under a different name.

Most users don't notice anything, as the altered apps still include the features listed on their Play Store pages.

Apps containing the Joker malware use multi-stage downloaders to receive their malicious payloads from command and control servers controlled by an attacker. With the Harly malware, however, the apps themselves contain the entire malicious payload and utilize different methods to decrypt and launch it.

Signing victims up for subscription services

While Joker and Harly work a bit differently under the hood, both malware strains are used to sign up users whose devices have been infected for expensive subscription services without their knowledge.

Harly collects information about a user's device along with details about the mobile network they are using. The phone then switches from Wi-Fi to a mobile network, and the malware contacts the C&C server to set up a list of subscriptions to sign up for.

Harly opens the subscription websites in an invisible window, enters the victim's phone number, presses the required button, and even enters confirmation codes received via text. The result is that the victim is signed up for a subscription service without their knowledge.

Harly is even capable of calling specific phone numbers when that is necessary to confirm a subscription.
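A defender-side triage check for the behaviours described above, added here as an example and not taken from the Kaspersky post or this article: it reads a decoded AndroidManifest.xml (for instance one produced by apktool) and flags apps whose requested permissions line up with those behaviours. The behaviour-to-permission mapping, the function names, the threshold and both sample manifests are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Behaviour from the article -> permissions it would normally need.
# This mapping is the example's assumption, not a published Harly signature.
BEHAVIOUR_PERMS = {
    "reads SMS confirmation codes": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "places phone calls": {P + "CALL_PHONE"},
    "switches between Wi-Fi and mobile data": {P + "CHANGE_WIFI_STATE",
                                               P + "CHANGE_NETWORK_STATE"},
    "collects device and network details": {P + "READ_PHONE_STATE"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def triage(manifest_xml):
    """Map each matched behaviour to the permissions that triggered it."""
    perms = requested_permissions(manifest_xml)
    return {behaviour: sorted(perms & needed)
            for behaviour, needed in BEHAVIOUR_PERMS.items() if perms & needed}

def needs_review(manifest_xml, threshold=2):
    """Flag an app when it matches at least `threshold` behaviours."""
    return len(triage(manifest_xml)) >= threshold

HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
def _manifest(package, *perms):  # builds a constructed sample manifest
    body = "".join('<uses-permission android:name="%s%s"/>' % (P, p) for p in perms)
    return HEAD % package + body + "</manifest>"

# Constructed samples: two "flashlight" apps with different permission sets.
SUSPECT = _manifest("com.example.flash.a", "CAMERA", "RECEIVE_SMS",
                    "CALL_PHONE", "CHANGE_WIFI_STATE")
BENIGN = _manifest("com.example.flash.b", "CAMERA")

if __name__ == "__main__":
    for label, doc in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, needs_review(doc), triage(doc))
```

A match only means the app asks for more than its listed features appear to need; it is a prompt for manual review, not a verdict.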

How to stay safe from malicious Android apps

Despite Google's best efforts, malicious apps end up on the Play Store. This is why you should carefully investigate the reviews and ratings of each app you download. It is also important to check online for written or video reviews of any app you have purchased on your Android device.

You should also ensure that Google Play Protect is enabled on your device, as it scans your existing applications as well as new ones for any signs of malware. However, you may also want to install one of the best Android antivirus apps.

When adding apps to your devices, you must be careful even with a simple flashlight, address book, or translation app. It is always worthwhile to ask yourself first whether the app is really needed.