HPE says hackers breached Aruba Central using stolen access key
FBI warns of Iranian hackers looking to buy US orgs’ stolen data
Telnyx is the latest VoIP provider hit with DDoS attacks
NUCLEUS:13 TCP security bugs impact critical healthcare devices
The new Microsoft Store is now rolling out to Windows 10 PCs
Windows 10 App Installer abused in BazarLoader malware attacks
BotenaGo botnet targets millions of IoT devices with 33 exploits
How to fix the Windows 0x0000007c network printing error
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
google play
Two Android apps available on the Google Play store have been found to contain malware this week.
These apps are called ‘Smart TV remote’ and ‘Halloween Coloring’, with the former having been downloaded at least 1,000 times.
This week, Tatyana Shishkova, Android malware analyst at Kaspersky disclosed the names of two Google Play apps that are laced with Joker malware.
At least one of these apps, ‘Smart TV remote’ has been installed over 1,000 times thus far since its publication on October 29th.
According to Shishkova, these apps are trojanized with the Joker malware:
#Joker Android Trojans on Google Play:https://t.co/jxJWbe8AH0 Oct 29, 1,000+ installshttps://t.co/UmLssAqBF7 Nov 5, 1+ installs pic.twitter.com/wVLY4yI4Kz
As previously reported by BleepingComputer, the threat actors behind the Joker malware hide malicious code in seemingly benign apps and publish these to official app stores. Earlier this year, over 500,000 Huawei Android devices were found to be infected with Joker.
The malware is known to subscribe users to premium mobile services without their consent or knowledge.
To better analyze the malicious code, BleepingComputer obtained the Android apps and decompiled these APKs.
As also confirmed by Shishkova, the malicious code exists in the “resources/assets/kup3x4nowz” file within the Smart TV remote app. For the Halloween Coloring app, an identical file named “q7y4prmugi” exists at the same location.
These files contain base64 code, shown below, packing a Linux ELF binary:
This ELF binary further downloads second-stage payload hosted on an Amazon AWS instance. The URLs  contained in the ELFs to second-stage payload are:
As checked by BleepingComputer, these files yr41ajkdp5 and vl39sbv02d being XOR-encrypted themselves, are not detected by any of the leading antivirus engines thus far.
Decoding these files with an XOR key ‘0x40’ however, produces APK archives. In essence, the quasi-benign ‘Smart TV remote’ and ‘Halloween Coloring’ apps are a front for downloading malicious apps onto your Android devices.
Last month, malicious “photo editor” apps were also caught sitting on the Google Play store by Shishkova and Maxime Ingrao, a security researcher at mobile payments cybersecurity firm Evina.
BleepingComputer has reported the malicious ‘Smart TV remote’ and ‘Halloween Coloring’ apps to Google Play prior to publishing.
It is plausible, Google Play Protect might eventually catch these apps and offer automatic protection to affected users, despite the initial miss leading to the apps’ publication on Play store.
“Google Play Protect checks apps when you install them. It also periodically scans your device. If it finds a potentially harmful app, it might send you a notification,… disable the app until you uninstall it, [or] remove the app automatically,” state Google’s official docs.
In the meantime, users who have installed either of these apps should uninstall the app immediately, clean up their smartphone, and check for any unauthorized subscriptions or billing activity initiated from their accounts.
Update 11 Nov 13:14 ET: A Google spokesperson told BleepingComputer, “Both apps have been removed and the developers have been banned.”
New AbstractEmu malware roots Android devices, evades detection
New Android malware targets Netflix, Instagram, and Twitter users
PhoneSpy: Android spyware campaign targeting South Korean users
Android spyware spreading as antivirus software in Japan
Android spyware apps target Israel in three-year-long campaign
Not a member yet? Register Now
Microsoft urges Exchange admins to patch bug exploited in the wild
Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

Fake TSA PreCheck sites scam US travelers with fake renewals

US regulators order banks to report cyberattacks within 36 hoursHackers deploy Linux…

Mobile phishing attacks targeting energy sector surge by 161%

CISA orders federal agencies to fix hundreds of exploited security flawsUS sanctions…

Costco discloses data breach after finding credit card skimmer

AMD fixes dozens of Windows 10 graphics driver security bugsVoid Balaur hackers-for-hire…

Moses Staff hackers wreak havoc on Israeli orgs with ransomless encryptions

New Microsoft emergency updates fix Windows Server auth issues7 million Robinhood user…