11 Nasty Android Malware Infected Google Play Apps: What to Do

A new variant of the dropper and premium dialer malware Joker recently infiltrated 11 apps in the Google Play Store, information security firm Check Point reports.

According to a Check Point report released today (July 9), the creators of Joker have updated their code to bypass Google Play's security measures, allowing them to re-infect Android devices.

According to Check Point researchers, the latest variant of Joker hides inside "seemingly legitimate applications" and installs "additional" malware on unsuspecting users' devices.

They explain that the malware "induces users to subscribe to premium services without their knowledge or consent."

Joker's latest strain was found in 11 different apps, including a flower wallpaper app, a file recovery app, an alarm app, a memory game, and several apps offering cheerful messages and relaxation. All were removed from the Google Play store by April 30, according to a Check Point press release.

To avoid detection of the malware, Joker's creators typically make small changes to their code. For example, in September 2019, 24 apps were booted from Google Play for hiding Joker.

But according to Check Point researchers, the malware developers this time around "took an old technique from the traditional PC threat landscape and used it in the mobile app world."

"To achieve the ability to subscribe to premium services without the app user's knowledge or consent, Joker utilizes two main components: a notification listener service that is part of the original application and a dynamic dex file loaded from a C&C server to perform the registration of users to the service," the researchers wrote.

According to the researchers, Joker's creators "made the dynamically loaded dex files invisible while allowing them to load," a method usually employed by cyber fraudsters who develop Windows malware.

"This new variant now hides the malicious dex file within the application as a Base64-encoded string that can be decoded and loaded."

Check Point urges users who downloaded infected apps to their devices to uninstall them, check their bank statements to see if unfamiliar subscription payments are being made from their accounts, and use the best Android antivirus app.
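For defenders triaging an app, the Base64 hiding described above leaves a recognisable trace: every DEX file begins with the bytes `dex\n03`, which encode to `ZGV4CjAz`. The Python sketch below is an added example, not Check Point's tooling or code from the report; it assumes the string is stored contiguously in standard Base64 with one byte per character, and the function names and sample data are constructed for illustration.

```python
import base64
import re
import struct

# Base64 of b"dex\n03", the first six bytes of every DEX magic ("dex\n035\0", ...).
ENCODED_MAGIC = b"ZGV4CjAz"
B64_RUN = re.compile(rb"[A-Za-z0-9+/]+")
DEX_MAGIC = re.compile(rb"dex\n0\d\d\x00")
HEADER_SIZE = 0x70          # fixed size of a DEX header
ENDIAN_TAG = 0x12345678     # little-endian marker stored at offset 0x28


def find_base64_dex(blob: bytes):
    """Return [(offset, declared_dex_size)] for Base64 text that decodes to a DEX header."""
    hits = []
    pos = blob.find(ENCODED_MAGIC)
    while pos != -1:
        run = B64_RUN.match(blob, pos).group()
        # 152 Base64 characters cover the whole 0x70-byte header; trim to a multiple of 4.
        head = run[:152]
        head = head[: len(head) - len(head) % 4]
        raw = base64.b64decode(head)
        # A text string that merely starts with "dex\n03" fails the checks below.
        if len(raw) >= 0x2C and DEX_MAGIC.match(raw):
            file_size, header_size, endian = struct.unpack_from("<III", raw, 0x20)
            if header_size == HEADER_SIZE and endian == ENDIAN_TAG:
                hits.append((pos, file_size))
        pos = blob.find(ENCODED_MAGIC, pos + 1)
    return hits


def constructed_sample() -> bytes:
    """Constructed input: a fake string pool with a decoy and one encoded DEX header."""
    header = b"dex\n035\x00" + bytes(24)   # magic, then checksum and signature left as zeros
    header += struct.pack("<III", 0x1234, HEADER_SIZE, ENDIAN_TAG)
    header = header.ljust(HEADER_SIZE, b"\x00")
    decoy = base64.b64encode(b"dex\n035 is mentioned in this harmless help text, not a file")
    return b"\x00app_name\x00" + decoy + b"\x00cfg\x00" + base64.b64encode(header) + b"\x00"


if __name__ == "__main__":
    for offset, size in find_base64_dex(constructed_sample()):
        print(f"Base64-encoded DEX header at offset {offset}, declared size {size} bytes")
```

Run it over files extracted from an APK; the declared size can be compared with the length of the encoded string to judge whether a whole DEX file is embedded.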

A list of Android package names is provided below. However, these package names do not necessarily match the names of the apps in Google Play or the app store.
