Trending Now
If you’ve used any of the following Android apps, you’ll probably want to get busy erasing them AND you’ll want to check your credit card statement.
Here’s why.
A new malware called “Joker” has made its way into Android apps that ended up in the Google Play store. The malware silently signs users up for subscriptions that might go undetected by people unless they closely look at their monthly credit card statements.
Aleksejs Kuprins, writing at the cybersecurity company CSIS, described how the scam works:
“For example, in Denmark, Joker can silently sign the victim up for a 50 DKK/week service (roughly ~6,71 EUR). This strategy works by automating the necessary interaction with the premium offer’s webpage, entering the operator’s offer code, then waiting for a SMS message with a confirmation code and extracting it using regular expressions. Finally, the Joker submits the extracted code to the offer’s webpage, in order to authorize the premium subscription.”
Google has already removed the bad apps from the Google Play Store, but you should still do a double-check to see if you’ve downloaded or used any of them because they racked up more than 472,000 downloads before they were taken down.
Here’s a list of the infected Android apps (with links).
- Advocate Wallpaper
- Age Face
- Altar Message
- Antivirus Security – Security Scan
- Beach Camera
- Board picture editing
- Certain Wallpaper
- Climate SMS
- Collate Face Scanner
- Cute Camera
- Dazzle Wallpaper
- Declare Message
- Display Camera
- Great VPN
- Humour Camera
- Ignite Clean
- Leaf Face Scanner
- Mini Camera
- Print Plant scan
- Rapid Face Scanner
- Reward Clean
- Ruddy SMS
- Soby Camera
- Spark Wallpaper
After you’ve done the deletions (if you needed to), be sure to check your credit card statements back to June of this year to make sure that you don’t have any suspicious charges for subscriptions you didn’t buy.
If you are one of the unlucky ones, the next step is to alert the people in your contact list: the “Joker” malware steals your entire contact list and uploads it to a command and control server, so it’s better to be safe than sorry.