Google warns about the malware Joker

Google Play Protect has removed 1,700 unique applications from the Joker family of malware in the Play Store, before users downloaded them, a threat that the company has been following since 2017 and is dedicated to defrauding via SMS and payments for WAP. 

Joker is a family of “malware”, also known as Bread, which addresses the user’s mobile bill. Google first identified it at the beginning of 2017 and since then it has battled infected applications, which always seemed to find a gap in their policies to go unnoticed in the Play Store. 

Even so, the digital store’s defense systems have removed 1,700 unique apps with the Bread malicious program before they were downloaded by users. In September, the company also removed 24 infected applications, which together had reached more than 500,000 downloads.

Applications infected with this family of “malware” made fraud through SMS at its source, but later began to attack payments by WAP (wireless application protocol), as the company reports in a post on its security blog. In any case, these are two techniques that take advantage of the integration of telephone operators with vendors, to facilitate the payment of services with the mobile bill. Both request verification of the device, but not of the user.

“The operator can determine that the request originates from the user’s device, but does not require any user interaction that cannot be automated,” they say from Google. Thus, the creators of this “malware” “use injected clicks, custom HTML parsers and SMS receivers to automate the payment process without requiring any user interaction.”

Source: dpa