Malware capable of sending users’ contact lists to an attacker-controlled server and signing them up to unwanted paid premium subscriptions.
The internet age has seen a major danger piggy-riding innovation, and this has always prompted security experts to swing into trouble shooting mode. After having witnessed tens of thousands of malware attacks, the web world is now battling a more potent security threat.
The danger came to the fore after around 500,000 Android users downloaded a malicious app from the Google Play app store. The app was detected as hosting malware.
The malware, on investigation was found, as capable of exfiltrating users’ contact lists to an attacker-controlled server and signing them up to unwanted paid premium subscriptions. All these without even the user knowing about it all the time.
Joker, no laughing matter
Termed Joker, the latest malware, reportedly, was found in a messaging-focused app called Color Message. The malware was also found to be simulating clicks in a bid to pocket revenue from malicious ads and connecting to servers located in Russia. Google has swung into action by kicking out the app from its marketplace.
Though the Color Message developers had made it clear in its terms and conditions that they have the right to alter the app or charge for services extended at any time and for any reason and that they would not charge users for the app or its services without informing all details of what the users pay for, it was not to be so. The malware crawled into contact lists and went about signing them up to unwanted paid premium subscriptions.
Malware manage to infiltrate; stay off security gates
It was in 2017 that Joker was first found to be playing on after it effected a slew of malicious activities. These included fraudulent billing, SMS interception and peeking into contact details and device information. The users were totally unaware of all these being done inside their Android operating systems.
Google Play had remained very cautious to such potential attacks but apps that host malware have most of the time escaped the security glare. By deploying an array of camouflaging techniques and cloaking, malware have managed to infiltrate into systems.
With more than 500,000 Android users downloading the malicious app, Joker seems to be having the last laugh. Will security prevail?