Joker – Android Trojan
An Android Trojan nicknamed “Joker” has recently been making its way into the Google Play Store. Also known as Bread Trojan, it is a malware dropper with spyware-like capabilities, often hidden in advertisements to trick users into clicking and installing additional malware. Once the malware is installed, it has access to emails, text messages, contacts, and other device information, and it has been observed signing users up for premium services without their knowledge.
“In one example, Joker signed up users in Denmark for a premium website service costing roughly 7 euros a week by simulating clicks on the website, automatically entering the operator’s offer codes, and extracting confirmation codes from SMS messages sent to the target device. These codes are then submitted to the ad website to complete the process.” (ZDNet) Although no attribution has been made at this time, the command-and-control servers and some of the programming indicate it could belong to Chinese actors.
If you believe you have been compromised, note that uninstalling the app will not remove the malware. A factory reset may be necessary, as well as contacting your financial institutions to work with them to reverse the charges.
A list of IOCs is available (IOCs) for users to implement checks, and more are to come as the malware is being tracked.
Sources: