Research Saturday 8.28.21
Ep 198 | 8.28.21

Joker malware family: not a joke for Google Play.

Show Notes

Guest Deepen Desai, Zscaler's Chief Information Security Officer and VP Security Research & Operations, joins Dave to discuss their ThreatLabz team's research "Joker Joking in Google Play: Joker malware targets Google Play store with new tactics." Joker is one of the most prominent malware families targeting Android devices. Despite public awareness of this particular malware, it keeps finding its way into Google’s official application market by employing changes in its code, execution methods, or payload-retrieving techniques. This spyware is designed to steal SMS messages, contact lists, and device information, and to sign the victim up for premium wireless application protocol (WAP) services.

Zscaler’s ThreatLabz research team has been constantly monitoring the Joker malware. Recently, they observed regular uploads of it onto the Google Play store. ThreatLabz notified the Google Android Security team, who have taken prompt action to remove the suspicious apps from the Google Play store. 

This prompted them to evaluate how Joker is so successful at getting around the Google Play vetting process. The team saw 11 different samples regularly uploaded to Google Play recently clocking 30k installs.

The research can be found here: