Security researchers at Check Point have discovered a new version of the Joker malware, also known as Bread. The malware targets Android users: it spreads as Android mobile apps and subscribes users to paid services.
The malware takes out and pays for the subscription without the user's knowledge. Joker's operators have found a new way to bypass Google Play Store protections: the malware's malicious DEX executable file is hidden inside the application in the form of Base64-encoded strings. The file is then decoded and downloaded onto the victim's device.
Primarily, the code was just for communicating with the C&C server. That communication resulted in the loading of the dex file, which was inside the main classes.dex file. Joker creates a new entity that communicates with the server and checks whether the campaign is active. Once that is confirmed, the download of the malware is prepared and initiated.
The security experts found another metadata field that contained the Base64-encoded dex file. This dex file was enough to run, decode and exploit the devices. The experts read the data from the manifest file, and that was enough to learn about it. The experts also observed an intermediate option, which was used to hide the .dex file: the encoded dex file was located in an inner class of the main application rather than just encoded as strings in the manifest file.
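A defender can check for the manifest trick described above by decoding each metadata value and looking for the DEX header magic. The following is an added example, not code from Check Point or from the original article; it assumes the APK's binary manifest has already been decoded to text XML (for example by apktool), and the function names and sample manifest are constructed for illustration.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# A DEX file starts with an 8-byte magic: "dex\n", a 3-digit version, then NUL.
DEX_MAGIC = re.compile(rb"dex\n\d{3}\x00")

def decodes_to_dex(value):
    """True if the string is Base64 whose decoded bytes start with the DEX magic."""
    # 12 Base64 characters decode to 9 bytes, enough to cover the 8-byte magic.
    head = "".join(value.split())[:12]
    if len(head) < 12:
        return False
    try:
        raw = base64.b64decode(head, validate=True)
    except (binascii.Error, ValueError):
        return False  # not valid Base64, so not a hidden DEX
    return DEX_MAGIC.match(raw) is not None

def suspicious_meta_data(manifest_xml):
    """Return android:name of every <meta-data> whose android:value hides a DEX file."""
    root = ET.fromstring(manifest_xml)
    hits = []
    for node in root.iter("meta-data"):
        if decodes_to_dex(node.get(ANDROID_NS + "value", "")):
            hits.append(node.get(ANDROID_NS + "name"))
    return hits

# Constructed sample: a fake DEX header padded with zero bytes, not a real payload.
FAKE_DEX_B64 = base64.b64encode(b"dex\n035\x00" + bytes(104)).decode()
SAMPLE_MANIFEST = f"""<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <application>
    <meta-data android:name="com.example.API_KEY" android:value="QUJDREVGR0hJSktMTU5PUA=="/>
    <meta-data android:name="com.example.blob" android:value="{FAKE_DEX_B64}"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(suspicious_meta_data(SAMPLE_MANIFEST))
```

The same `decodes_to_dex` check can be run over string constants extracted from the app's classes to cover the inner-class variant.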
According to the experts, this malware subscribes Android users to premium subscriptions. The main component the malware uses is a notification listener that is part of the application. The active malicious dex file downloads and completes the registration on its own. First discovered in 2017, Joker is considered one of the most common types of Android malware. It carries out fraudulent transactions without the user's authorization. Device information, SMS messages and contact lists are also exploited.