Name of Malware: Joker

Type of Malware: Click fraud, info stealer, trojan

Affected Operating Systems: Android

Affected Device Types: Mobile phones, smartphones, tablets

Impact: high

What is Joker?

Joker is a trojan that is included in several unsuspecting apps that have been offered via the Google Play Store, among others. The malware silently interacts with ad networks to perform clicks on ad banners and subscribe to paid premium services. To do this, Joker is able to read SMS messages, contact lists and device information from the victim system.
It collects data from infected systems, intercepts sensitive communications and transmits the information to a remote attacker.

How did I get infected with Joker?

Joker relies on the user actively installing an infected application, which is normally hidden within another software package that appears completely harmless. A list of the affected apps can be found under the link at the end of the dokument.

What do I have to do now?

The device that is at risk can be cleaned by removing the application.

Further information on removing this malware can be found under Removing infections from PCs, laptops etc.

Technical specifications

Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.

More information and a list of affected apps can be found here: https://medium.com/csis-techblog/analysis-of-joker-a-spy-premium-subscription-bot-on-googleplay-9ad24f044451