CIOInsider India Magazine


The Joker Malware that Puts Android Phones at Stake through a Squid Game App


Netflix's number one hit series, Squid Game, is a disturbingly violent portrayal of a bleak reality, showing what happens to a mind driven to insanity; now it might drive Android phones insane as well. Cyber criminals have found a way to sneak their attacks in through an app called 'Squid Game Wallpaper 4K HD', which was available on the Google Play Store and was intended to infect Android phones with a malware called Joker.

By way of background, the Joker malware is known to steal money from users by signing them up for paid subscriptions without their consent.

It collects the victim's SMS messages, including the OTPs used to confirm purchases, and then simulates user interaction with advertisements without the victim's knowledge.

This means that the affected user may not realise they have been signed up for a paid membership service, and that money has been withdrawn from their account, until a message, notification or credit card statement tells them so. It is no surprise that cyber criminals latch on to whatever is widely used or popular, as they did with the infamous coronavirus.

The number of cyber-attacks made during the sudden outbreak of the COVID-19 pandemic was like no other: it shot up by an alarming 93 percent, according to the latest report by Check Point. Because emails, messages, news and other content carrying COVID precautions, case counts and the like were flooding electronic media, cyber criminals used the same channel to infiltrate companies, banks and individuals by sending viruses through email.

The recipients, unaware of what happened, are left wondering how their data got leaked or why their bank balance looks smaller than before. The Joker malware, by contrast, has become a regular uninvited guest on the Google Play Store, repeatedly infecting several apps and leaving Google to clean up the mess afterwards.

How the Joker Malware Makes its Entry
All it takes is a small change in its code for the malware to slip into Google's official application market and get past the Play Store's security checks and vetting. What's worse, two new Joker malware types, a Dropper and a Premium Dialer, were found in the Play Store hidden inside software that appeared to be genuine.

The malicious actor behind Joker borrowed an old approach from the traditional PC threat landscape and applied it in the mobile app market to avoid detection by Google. The malware is said to use two components: a 'Notification Listener' service that is part of the original app, and a dynamic dex file loaded from the C&C server to complete the user's registration to the premium services. To hide Joker's fingerprint, the actor masked the dynamically loaded dex file from sight while still ensuring it could load, a method well known to malware authors for Windows PCs. This new variant hides the malicious dex file as Base64 encoded strings inside the application, ready to be decoded and loaded.
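The Base64 trick described above leaves a detectable trace: a DEX file always starts with the magic bytes `dex\n`, a three-digit version and a NUL byte, so any Base64 run inside an app's resources or assets that decodes to that header deserves a second look. The scanner below is an added example written for this article, not ESET's tooling or code from any Joker sample; the APK it scans is a constructed in-memory zip with a fake 64-byte DEX header, and the 64-character minimum run length is an assumed threshold, not a figure from the article.

```python
import base64
import binascii
import io
import re
import zipfile
from typing import List, Tuple

# Every DEX file begins with the magic "dex\n", a three-digit version and a NUL byte.
DEX_MAGIC_RE = re.compile(rb"\Adex\n\d{3}\x00")

# A run of at least 64 Base64-alphabet characters with optional '=' padding.
# Real payloads are kilobytes long; 64 is only the floor for a run to be worth decoding.
B64_RUN_RE = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")


def decode_b64_run(run: bytes) -> bytes:
    """Decode a Base64 run after repairing its padding; return b'' if it is not valid Base64."""
    core = run.rstrip(b"=")
    padded = core + b"=" * (-len(core) % 4)
    try:
        return base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return b""


def find_embedded_dex(data: bytes) -> List[Tuple[int, int]]:
    """Return (offset, decoded_size) for every Base64 run in data that decodes to a DEX header."""
    hits = []
    for match in B64_RUN_RE.finditer(data):
        decoded = decode_b64_run(match.group(0))
        if DEX_MAGIC_RE.match(decoded):
            hits.append((match.start(), len(decoded)))
    return hits


def scan_apk(apk) -> List[Tuple[str, int, int]]:
    """Scan every entry of an APK (a path or file-like zip) and report (entry, offset, decoded_size)."""
    findings = []
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            for offset, size in find_embedded_dex(zf.read(name)):
                findings.append((name, offset, size))
    return findings


# --- Constructed sample data (not a real Joker sample) ---
# A fake 64-byte DEX: a valid magic followed by filler, so the check fires on the header alone.
FAKE_DEX = b"dex\n035\x00" + bytes(range(56))

# A resource file holding one harmless long Base64 run and one encoded fake DEX.
SAMPLE_STRINGS_XML = (
    b'<string name="banner">' + b"A" * 100 + b"</string>\n"
    b'<string name="cfg">' + base64.b64encode(FAKE_DEX) + b"</string>\n"
)


def build_sample_apk() -> io.BytesIO:
    """Assemble an in-memory zip that stands in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("res/values/strings.xml", SAMPLE_STRINGS_XML)
        zf.writestr("assets/readme.txt", b"nothing to see here")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry, offset, size in scan_apk(build_sample_apk()):
        print(f"{entry}: Base64-encoded DEX at offset {offset}, {size} bytes decoded")
```

Pass a real APK path to `scan_apk` to run the same check on extracted packages. The harmless 100-character run of `A`s decodes to zero bytes and is ignored, which is the point of decoding and checking the magic rather than flagging every long Base64 string; the check is a heuristic, so a payload that is additionally encrypted or split across several strings would need the decoding step extended.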

The makers of the Joker malware are very active in coming up with new ways to get through Google's Play Store verification procedure, and judging by the number of payloads published to Google Play, they are succeeding.

This does not mean Android users should turn to third-party app stores instead. Installing mobile apps from the Google Play Store is still safer than using third-party marketplaces, which have little or no vetting process.

Joker Malware Enters Squid Game
Lukas Stefanko, a malware researcher at the security firm ESET, noticed that the software 'Squid Wallpaper 4K HD' was being used to infect Android phones with the infamous Joker malware.

The malicious activity was discovered in an app on the Google Play Store disguised as a wallpaper store named after the show. Like many other unauthorized Squid Game apps, it was found to be infected with malware. Even more alarming is the fact that over 5,000 people had already downloaded the app from the Google Play Store.

On the target devices, the app might download and execute native libraries, as well as malicious programs.

The researcher went on to say that the flagged app could be used to commit ad fraud and/or to run unwanted SMS subscription operations. In addition to running up charges on the user's bill, the malware can perform certain operations without the user's approval.

Stefanko said in a tweet that there are at least 200 Squid Game-based apps available on Google Play. Within ten days, the most popular of these apps had surpassed one million downloads. He stated, “seems like a perfect opportunity to generate money on in-app ads from one of the most popular TV shows without having to create an official game”.

Given the potential for cyber criminals to exploit the craze to trick people into downloading malware, consumers should exercise extreme caution when installing any app on their devices. For Android users, the best course of action is to delete such apps from their devices to reduce the chance of picking up the Joker malware. Installing anti-virus software on the device might also help safeguard it.

Guide to Avoid Meeting the Joker
Irrelevant emails with attachments or web links originating from unknown or suspicious addresses should not be trusted. Email links and attachments should not be opened unless you are certain they are safe.

Third-party downloaders, installers, Peer-to-Peer networks (e.g., torrent clients, eMule), and other similar methods should not be used to download or install software. Only official websites and direct links should be used to download programs and files.

Installed software should be updated and activated only with the official tools or features provided by its developer, since malware is frequently distributed through third-party updaters. Unauthorized activation ('cracking') tools used to circumvent the licensing of paid products should likewise be avoided.

What users can and should do is unsubscribe as soon as possible from any premium services or platforms they do not recognise, and erase any suspicious apps from the phone.
