How Google Play Store mechanisms was bypassed by Joker software
How Google Play Store mechanisms was bypassed by Joker software-
The notorious Joker software is all up in the Android show record – this document contains all the essential data for the application to work. Every application contains this document. On account of this, Joker vaguely buys in casualties to paid administrations.
Initially, A team of researchers at Check Point Research talked about a new way that Joker uses. To bypass Google Play Store security mechanisms. It was first discovered in 2017: this spyware can access notifications, read and send SMS messages. Joker uses these features to seamlessly subscribe victims to paid services. Google characterizes this malware as an ongoing threat that it has encountered over the past few years. Also, According to Google, Joker tried almost every masking technique to go unnoticed.
Check Point researcher Aviran Hazum recently revealed a new way to use Joker. This time, the Joker malware hides the malicious code inside the Android manifest file in legitimate applications. The manifest file is located in the root folder of each application, it also provides important information about the application that the Android system requires: name, icon and permissions for the Android system. Only after receiving this information, the system can execute any application code. Thus, malware does not require access to a C&C server controlled by cybercriminals. Typically, this server is to send commands to corrupt systems that are already on default by malware to download the payload — the part of the malware that does the bulk of the work.
The new method of applying Joker can be divide into three stages.
- Creating payload. Joker preloads the payload by inserting it into the Android manifest file.
- Deferred payload loading. During the evaluation, Joker does not even try to download a malicious payload – this greatly facilitates bypassing the Google Play Store security features.
- Malware distribution. After the Google Play Store security services approve the application, a malicious campaign begins to work –– the payload is detected and loaded.
Furthermore, Researchers at Check Point responsibly disclosed their findings to Google. All claimed applications (11 applications) were removed from the Play Store by April 30, 2020.
“Joker is constantly changing, adapting to new conditions. We found that it is hiding in a file with the necessary information, a file that is contained in each Android application, ”says Aviran Hazum, mobile research specialist at Check Point Software Technologies. –– Our latest research shows that Google Play Store protection is not enough. We weekly spotted numerous instances of Joker uploading to Google Play — each of which was produced by unsuspecting users. Joker malware is hard to detect despite Google’s investment in Play Store security. Although Google has now removed the malicious applications from the Play Store, it is based on assumption that Joker will return again. It is desirable for each user to know about this program and understand how it is possible to suffer from it. ”
If you suspect that your device may have one of these infected applications:
- Remove the infected application from the device.
- Check all accounts: your mobile operator balance, credit cards. You need to find out if you are subscribed to any paid subscriptions, and if you do not need it, cancel the subscription.
- Install a security solution to prevent further infections.
That’s all on How Google Play Store mechanisms was bypassed by Joker software
WE ARE HERE FOR SERIOUS BUSINESS, WE DO NOT TOLERATE TIME WASTERS AND BEGGARS TRYING TO BEG OR SCAM US OF OUR PRODUCTS. Payment is Upfront, Our services are not free CONTACT US FOR PURCHASE/INQUIRIES, WE RESPOND ALMOST INSTANTLY : WHATSAPP: sudohackers.com CLICK HERE EMAIL: [email protected] EMAIL US NOW ICQ: sudohackers.com CLICK HERE TELEGRAM: sudohackers.com CLICK HERE