Joker reveals more tricks up its sleeves: new malicious Android apps that, like in past schemes, subscribe users to premium services without their consent.
Joker (a.k.a. Bread) is one of the most persistent malware families that continually targets Android devices. The malware entered the scene in 2017, and by early 2020, Google has removed more than 1,700 infected apps from the Play Store. Later in the same year, operators of the malware uploaded more samples, such as those uncovered by Zscaler.
Through our past research, we found a variant that uses GitHub to hide its payload; changes in the malware’s code such as this one serve as evasion techniques. This is how Joker’s operators still succeed in sneaking new variants into Google Play, despite Google’s consistent measures to clamp down on these apps.
Source: Trend Micro