The Joker is malicious code that lurks inside seemingly legitimate apps. It often waits hours or days after the app is installed to run in an attempt to evade Google’s automated malware detection. On Thursday, researchers with security firm Check Point said the Joker has struck again, this time lurking in 11 seemingly legitimate apps downloaded from Play about 500,000 times. Once activated, the malware allowed the apps to surreptitiously subscribe users to pricey premium services.
The new variant found a new trick to go undetected—it hid its malicious payload inside what’s known as the manifest, a file Google requires every app to include in its root directory. Google’s intent is for the XML file to provide more transparency by making permissions, icons, and other information about the app easy to find.
Read 8 remaining paragraphs | Comments