#1 07-23-2020, 02:12 PM
FullzLord
Google Play Store mechanisms bypassed by Joker software

The infamous Joker malware is hidden in the Android manifest file: this file contains all the necessary information for the application to work. Each application contains this file. Thanks to this, Joker imperceptibly subscribes victims to paid services.

A team of researchers at Check Point Research talked about a new way that Joker uses to bypass Google Play Store security mechanisms. It was first discovered in 2017: this spyware can access notifications, read and send SMS messages. Joker uses these features to seamlessly subscribe victims to paid services. Google characterizes this malware as an ongoing threat that it has encountered over the past few years. According to Google, Joker tried almost every masking technique to go unnoticed.

Check Point researcher Aviran Hazum recently revealed a new way to use Joker. This time, the Joker malware hides the malicious code inside the Android manifest file in legitimate applications. The manifest file is located in the root folder of each application; it provides important information about the application that the Android system requires: name, icon and permissions for the Android system. Only after receiving this information can the system execute any application code. Thus, malware does not require access to a C&C server controlled by cybercriminals. Typically, this server is used to send commands to infected systems that are already compromised by malware to download the payload — the part of the malware that does the bulk of the work.

The new method of applying Joker can be divided into three stages.

Creating payload. Joker preloads the payload by inserting it into the Android manifest file.
Deferred payload loading. During the evaluation, Joker does not even try to download a malicious payload – this greatly facilitates bypassing the Google Play Store security features.
Malware distribution. After the Google Play Store security services approve the application, a malicious campaign begins to work: the payload is detected and loaded.

Researchers at Check Point responsibly disclosed their findings to Google. All claimed applications (11 applications) were removed from the Play Store by April 30, 2020.

“Joker is constantly changing, adapting to new conditions. We found that it is hiding in a file with the necessary information, a file that is contained in each Android application,” says Aviran Hazum, mobile research specialist at Check Point Software Technologies. “Our latest research shows that Google Play Store protection is not enough. We weekly spotted numerous instances of Joker uploading to Google Play — each of which was produced by unsuspecting users. Joker malware is hard to detect despite Google’s investment in Play Store security. Although Google has now removed the malicious applications from the Play Store, it can be assumed that Joker will return again. It is desirable for each user to know about this program and understand how it is possible to suffer from it.”

Protection methods

If you suspect that your device may have one of these infected applications:

Remove the infected application from the device.
Check all accounts: your mobile operator balance, credit cards. You need to find out if you are subscribed to any paid subscriptions, and if you do not need it, cancel the subscription.
Install a security solution to prevent further infections.
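
A defender-side check for the technique described above, added here as an example and not part of the original post or of Check Point's research: it scans a manifest already decoded to text XML (for instance with apktool) for attribute values that Base64-decode to a DEX header. The Base64 encoding, the length threshold, the constructed sample manifest and the function name are assumptions; the post only says the payload is inserted into the manifest file.

```python
import base64
import re
import xml.etree.ElementTree as ET

DEX_MAGIC = re.compile(rb"dex\n\d{3}\x00")         # header of a Dalvik executable
B64_RUN = re.compile(r"^[A-Za-z0-9+/=\s]+$")       # value made only of Base64 characters
MIN_LEN = 64                                       # assumed cutoff: skip short, ordinary values

# Constructed sample: a decoded (text) AndroidManifest.xml with one suspicious value.
_FAKE_DEX = b"dex\n035\x00" + bytes(range(64))     # header bytes only, not real code
SAMPLE_MANIFEST = f"""<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="Demo">
    <meta-data android:name="api_key" android:value="abc123"/>
    <meta-data android:name="cfg" android:value="{base64.b64encode(_FAKE_DEX).decode()}"/>
    <meta-data android:name="banner" android:value="{base64.b64encode(b'x' * 80).decode()}"/>
  </application>
</manifest>"""


def find_embedded_dex(manifest_xml: str):
    """Return (tag, attribute, decoded_size) for each value that decodes to a DEX header."""
    hits = []
    for elem in ET.fromstring(manifest_xml).iter():
        for attr, value in elem.attrib.items():
            if len(value) < MIN_LEN or not B64_RUN.match(value):
                continue                            # too short or not Base64-shaped
            try:
                blob = base64.b64decode(value)
            except ValueError:
                continue                            # bad padding: not Base64 after all
            if DEX_MAGIC.match(blob):               # match() anchors at the first byte
                name = attr.rsplit("}", 1)[-1]      # drop the XML namespace prefix
                hits.append((elem.tag, name, len(blob)))
    return hits


if __name__ == "__main__":
    for tag, attr, size in find_embedded_dex(SAMPLE_MANIFEST):
        print(f"suspicious: <{tag}> attribute '{attr}' decodes to {size} bytes of DEX")
```

A long Base64 value that does not decode to a DEX header (the `banner` entry in the sample) is not reported, so ordinary encoded configuration does not trigger the check.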