A new Android malware called Joker (after the manic Batman villain) has been discovered which can gain access to a victim’s SMS messages, contacts list, and other specific device information. It can also sign victims up for premium subscription services without their knowledge.

The malware has been reported to have infected 24 apps on the Google Play Store, with over 472,000 installs in total. The Joker malware is able to interact with an advertisement and enter an offer code. Since it has access to a user’s SMS messages, it simply waits for a confirmation code and then extracts it. That includes making payments as well.

Essentially, the infected apps silently click on an advertisement within the app, and go on to do the same thing for the sign-up process. The app then gets access to the user’s SMS messages, copying the OTP that gets sent to authenticate a payment. The money then gets promptly deducted from the user’s bank account.

The majority of the discovered apps target the EU and Asian countries including Australia, Belgium, Brazil, China, Egypt, France, Germany, Greece, Ireland, Italy, Kuwait, Netherlands, Norway, Poland, Qatar, Singapore, Spain, Sweden, Turkey, United Arab Emirates and the U.K. amongst others. The apps that have been affected are:
1. Advocate Wallpaper
2. Age Face
3. Altar Message
4. Antivirus Security- Security Scan
5. Beach Camera
6. Board Picture Editing
7. Certain Wallpaper
8. Climate SMS
9. Collate Face Scanner
10. Cute Camera
11. Dazzle Wallpaper
12. Declare Wallpaper
13. Display Camera
14. Great VPN
15. Humour Camera
16. Ignite Clean
17. Leaf Face Scanner
18. Mini Camera
19. Print Plant Scan
20. Rapid Face Scanner
21. Reward Clean
22. Ruddy SMS
23. Soby Camera
24. Spark Wallpaper

How to Secure mobile applications?

Mobile application development teams need to focus on security. It’s vital to understand the mobile platform and how the operating system (OS) functions. This allows developers to understand the possible threats to mobile application security and take action to prevent or minimize these threats.

As an application owner (or mobile application developer), the best way to secure phones is to get your mobile application tested for security vulnerabilities.

An Android application code review is conducted on its .java files and tested via its .apk files or Android Marketplace download. An iOS (Apple OS) application code review is conducted on its .h and .m files and tested via the Apple App Store download.
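
One check such a test can start with, shown here as an added example that is not part of the original article or of any vendor's tooling: a triage of a decoded AndroidManifest.xml for the permission combination behind the capabilities described above (SMS, contacts and device information). The mapping of capabilities to permission names, the package names and the sample manifests are constructed for illustration, and the manifest is assumed to be already decoded from the .apk into text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumption (not from the article): which real Android permissions back each
# capability the article attributes to Joker (SMS, contacts, device information).
CAPABILITIES = {
    "sms": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "contacts": {P + "READ_CONTACTS"},
    "device_info": {P + "READ_PHONE_STATE"},
}

def requested_permissions(manifest_xml):
    """Return every permission name declared in a decoded AndroidManifest.xml."""
    # For manifests from untrusted APKs, prefer a hardened parser such as defusedxml.
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def triage(manifest_xml):
    """Return (level, hits): 'ok' without SMS access, 'review' with SMS access,
    'high' when SMS, contacts and device information are all requested."""
    perms = requested_permissions(manifest_xml)
    hits = {cap: sorted(perms & names)
            for cap, names in CAPABILITIES.items() if perms & names}
    level = "ok"
    if "sms" in hits:  # SMS access is what exposes a confirmation code or OTP
        level = "high" if len(hits) == len(CAPABILITIES) else "review"
    return level, hits

def build_manifest(package, *short_names):
    """Build a constructed sample manifest (hypothetical package names)."""
    uses = "".join(f'<uses-permission android:name="{P + n}"/>' for n in short_names)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

SAMPLE_WALLPAPER = build_manifest("com.example.wallpaper", "INTERNET", "READ_SMS",
                                  "RECEIVE_SMS", "READ_CONTACTS", "READ_PHONE_STATE")
SAMPLE_CAMERA = build_manifest("com.example.camera", "CAMERA")
SAMPLE_SMS_ONLY = build_manifest("com.example.notes", "READ_SMS")

if __name__ == "__main__":
    print([triage(m)[0] for m in (SAMPLE_WALLPAPER, SAMPLE_CAMERA, SAMPLE_SMS_ONLY)])
```

A "high" result on a wallpaper or camera app is a reason to review the code and the app's stated purpose, not proof of malicious behaviour.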

How can E Com Security Solutions help with mobile application security?

The E Com Security Solutions cyber security team analyzes iOS and Android app code and identifies flaws often missed in traditional testing environments. We help you track down areas that may be vulnerable to code injection, session fixation and password inadequacy, and detect backdoors or suspicious code, hard-coded passwords and secret keys, among other issues. This allows your developers to concentrate on fixing problems rather than finding them.

Also, our mobile app security testing enables you to demonstrate compliance with PCI-DSS, HIPAA and other risk frameworks and security standards.