Since many days the Android platform has been facing lots of issues because of malware from time to time. And currently, the one which is spreading threats to the Android platform is the joker virus. As the name suggests, the joker virus completely relied on the ads bounding the users to sign up for the premium subscriptions and then steal all the data from the mobile in the background. This particular malware is very dangerous for all the Android users and it is as expected. Not only this but also it is being downloaded widely all across the world on a lot of Android phones.  Now, what is the need of the hour? Google has now removed all the apps which are affected by the Google Play Store.

The platform has found has spotted about the presence of the joker malware in 24 different apps which available for download on the Google Play Store. And finally, Google has taken the corrective measure. It has removed all those apps as of now. There are various other malware attacks which affected earlier, but joker infected apps have been downloaded almost half a million times. This means that before Google has removed these apps from the Google Play Store. Because of this, the threats are now still hovering out all across the real world.

The joker malware is so dangerous to the users that it steals all the data which are kept private by the Android users and ultimately this can cause a lot of harm. The joker malware has the ability to sign people up to the premium subscriptions and that too secretly. Through this, it steals SMS messages, data, contacts and various other information of the device such as IMEI numbers as well as serial numbers.

If you are still unaware of this matter and you are using an Android phone. Then you must get concerned with the apps which are affected. To make it easier for you, we have compiled the list of the affected apps which have been released. Check out below:

  • Age Face
  • Advocate Wallpaper
  • Altar Message
  • Beach Camera
  • Antivirus Security – Security Scan
  • Board picture editing
  • Climate SMS
  • Certain Wallpaper
  • Cute Camera
  • Collate Face Scanner
  • Dazzle Wallpaper
  • Declare Message
  • Display Camera
  • Humour Camera
  • Great VPN
  • Ignite Clean
  • Leaf Face Scanner
  • Print Plant Scan
  • Mini Camera
  • Rapid Face Scanner
  • Ruddy SMS
  • Reward Clean
  • Spark Wallpaper
  • Soby Camera

So as you came to know about the name of these infected apps, now if you happen to find any of these apps in your Android phone, you need to immediately uninstall it from your phone. Not only this but you also have to perform a full factory reset on your phone for getting rid of this malicious activity which is present in your device.

As per the reports, this Joker malware is attacking only on the targeted countries. This is because most of the infected apps include a list of Mobile Country Codes which is also known as MCC and the victims have to be using the SIM cards of one of these countries so that they can be able to receive the second stage payload. Now coming to the majority. The majority of the countries are happened to be found in the EU as well as Asian countries. Having said that there are some apps which have been allowing for any country to join.  Not only this but also various other additional apps have the additional check. This will make sure that the payload will not be executed when it is running within Canada or the US. The UI  of C&C panel and various other bot’s code comments which are written in Chinese. This could be a hint related to the geographical attribution.

Coming to the full list of the targeted countries and the countries include Australia, Austria, Belgium, Brazil, China, Cyprus, Egypt, France, Germany, Ghana, Greece, Honduras, India, Indonesia, Ireland, Italy, Kuwait, Malaysia, Myanmar, Netherlands Norway, Poland, Portugal, Qatar, Republic of Argentina, Serbia, Singapore, Slovenia, Spain, Sweden, Switzerland, Thailand, Turkey, Ukraine, United Arab Emirates, United Kingdom and United States.

Apart from loading the second stage DEX file, this Joker malware which also receives dynamic code as well as commands over HTTP and runs that particular code through JavaScript-to-Java callbacks. This approach, it provides an extra layer of protection against static analysis, since a couple of instruction s in such cases are not much hardcoded into the suspicious app which is situated on the Google Play Store.

Despite all the 24 apps, Google seems to be ranked on the top of this type of threat as much as it is possible. There are some apps which do rack up about  more than one lakh installs before they are being removed.