Take a Virtual, Interactive Tour 

Cyber Security, trojans

  |  
3 Min Read

Joker Trojan

Joker Trojan Recently a Malware by the name of Joker has surfaced to our eyes. This malware is specifically a trojan that not to long ago began targeting specifically android devices to steal SMS messages, contact lists and device information. The cybersecurity researchers at CSIS has affirmed that the Joker is one of the new types of malwares that is mainly targeting and putting android devices in danger.  Not only will it steal information in also signs the victim up silently for premium wireless application WAP services. All possible plots divide into three separate ranges. Direct download, One-stage download, and Two-stage download. Direct download For this situation, the last payload is being conveyed through an immediate URL that is gotten from the command and control (C&C) worker. In this situation, the contaminated Google Play store application has the C&C address put away in the code itself with chain obfuscation. Subsequent to introducing it, the tainted application speaks with the C&C worker, and afterward it responds with the URL of a last payload. One-stage download Experts in this phase have observed that in order to recover the final payload, the infected Google Play app utilizes a stager payload. “That’s why the infected Google Play store app has the stager payload URL, that is encoded in the code itself and encrypted utilizing the Advanced Encryption Standard (AES). However, the main job of this stager payload is to retrieve the final payload URL from the code and then download it.” Two-stage download For this situation, the tainted Google Play store applications have two-stage payload downloads to recoup the last payload. That is the reason the Google Play infected application downloads the stage one payload, which downloads the stage two payload, that in the long run stacks the end Joker payload. Once the execution of stage one payload Is over, it then proceeds to download the stage two payload, and that is why the stage two payload shows the same performance as stage one payload. 

joker

Sources:https://cybersecuritynews.com/joker-android-trojan/

Comment

GitHub Wants Your Policy Proposals

In light of the recent leak of Twitch’s source code (over 6,000 private GH repositories) and other information, through a 125GB data torrent over 4chan.org, GitHub (GH) is now stepping up their ...
Picture of Micah Turpin Micah Turpin 3 Min Read

Golang the new standard for malware langauge?

In a recent security report by cybersecurity firm Intezer, they reported that a huge spike of malware strains being coded in Go programming has increased about 2,000% in recent years.

VMware vulnerability leaves about 6,700 servers ripe for the picking.

VMware vCenter servers have been hit in a new attack which left them exposed and vulnerable by the hackers which allowed them to take over any unpatched machine and take over companies' entire ...