How the Joker malware steals people’s money

A new piece of malware with the same name as one of Batman’s most iconic foes is costing Android users money.

The Joker was first detected by malware analyst Aleksejs Kuprins, working at CSIS Security Group, the cybersecurity company. He penned an analysis of the virus on Medium.

The Joker malware is embedded in several apps that were available on the Google Play store. Many of them has since the discovery been taken off the store. Once downloaded, the virus can get access to the Android user’s contacts, device info and messages.

Moreover, the Joker also signs up the user to several subscription services. “For example, in Denmark, Joker can silently sign the victim up for a 50 DKK/week service (roughly ~6,71 EUR),” Kuprins wrote. “This strategy works by automating the necessary interaction with the premium offer’s webpage, entering the operator’s offer code, then waiting for a SMS message with a confirmation code and extracting it using regular expressions. Finally, the Joker submits the extracted code to the offer’s webpage, in order to authorize the premium subscription.”

The Joker predominantly attacked users in Asia and the EU. However, users in Brazil and the US were also affected.

Copyright © 2019 FinTech Global

Enjoying the stories?

Subscribe to our daily FinTech newsletter and get the latest industry news & research


The following investor(s) were tagged in this article.