The "Joker" malware is designed mainly to secretly sign users up for paid subscription services.
“For example, in Denmark, Joker can silently sign the victim up for a 50 DKK/week service (roughly 6,71 EUR). This strategy works by automating the necessary interaction with the premium offer’s webpage, entering the operator’s offer code, then waiting for an SMS message with a confirmation code and extracting it using regular expressions. Finally, the Joker submits the extracted code to the offer’s webpage, in order to authorize the premium subscription”, said Aleksejs Kuprins of the cybersecurity company CSIS, as cited by LifeHacker.
According to the report, the apps infected with the Joker malware gained over 472,000 downloads in total before being removed from the Google Play store.
According to a cybersecurity pundit, cited by LifeHacker, it is impossible to spot any unexpected paid subscriptions while using one of the infected apps.
It is better to check personal bank account or credit card statements as far back as June of this year, when the Joker malware started kicking off its latest batch of auto-subscriptions, LifeHacker said.
The list of infected apps reportedly includes "Advocate Wallpaper", "Age Face", "Altar Message", "Antivirus Security - Security Scan", "Beach Camera", "Board picture editing" and others.