Skip to main content

Android 'Joker' malware wants to attack your credit card – here's how to fight back

Joker Malware Virus
(Image credit: Warner Bros.)

A new strain of malware that authorizes subscriptions to premium services has been discovered in 24 popular Android apps.

Dubbed 'the Joker', the virus was revealed by CSIS Security Group analyst Aleksejs Kuprins in a detailed post on Medium.

Once it infects a phone or tablet through one of the host apps, it steals the device's contact list and SMS text messages – scary stuff, but fairly commonplace in the murky world of malware.

It doesn't stop there, though.

What makes the Joker a particularly deranged piece of malware is that it also manages to simulate interactions with websites, with the end result of signing up to a paid service – with the victim left to foot the bill.

"In Denmark, Joker can silently sign the victim up for a 50 DKK/week service [~$7.40]...by automating the necessary interaction with the premium offer’s webpage, entering the operator’s offer code, then waiting for a SMS message with a confirmation code. Finally, the Joker submits the extracted code to the offer’s webpage, in order to authorize the premium subscription," Kuprins explains.

In total, the 24 affected Android apps have racked up over 472,000 total downloads on the Google Play Store – a sizeable enough number that it's definitely worth Android users double-checking their credit card statement to ensure the Joker isn't laughing at their expense.

Joker malware app list and how to check for the Android virus

As shared by Lifehacker, the 24 Android apps believed to be affected by the Joker malware are:

  • Advocate Wallpaper
  • Age Face
  • Altar Message
  • Antivirus Security - Security Scan
  • Beach Camera
  • Board picture editing
  • Certain Wallpaper
  • Climate SMS
  • Collate Face Scanner
  • Cute Camera
  • Dazzle Wallpaper
  • Declare Message
  • Display Camera
  • Great VPN
  • Humour Camera
  • Ignite Clean
  • Leaf Face Scanner
  • Mini Camera
  • Print Plant scan
  • Rapid Face Scanner
  • Reward Clean
  • Ruddy SMS
  • Soby Camera
  • Spark Wallpaper

Whilst there are no big names in the list, nearly half a million downloads suggests that a fair few people have been hit by the Joker malware.

If any of the apps above sound familiar, you'll want to trawl through your bank and credit card statements looking for suspicious charges. The Joker malware is understood to have started its reign of auto-subscription terror in June, so that's the date to start from.

The best online banks should make light work of this, but it's still worth spending some quality time with your filing cabinet if you have to. 

If you still have any of the above apps downloaded on your Android device, you'll want to delete them immediately.

You should also check your Google Play account for any dubious charges, though it's unlikely you'll find anything, as the infected apps have already been removed from the Play Store.

If you're particularly alarmed or have discovered you've already fallen victim to the attack, you may also want to consider how you store your credit card information on your phone or tablet.

While the Joker is one of the more sophisticated malware viruses we've seen, it will only have been able to extract a payment from you if you had your details fully stored on your device.

Lastly, attacks like the Joker highlight the value of investing in a quality mobile security solution.

Most of the best antivirus software options offer companion apps for Android and iOS, which among other things should scan anything you want to download for dubious content before allowing it to install on your device.