Official Students' Blog of University of Advancing Technology

Joker Trojan

Written by Chad Oertel | Oct 22, 2020 6:32:00 PM

Recently a piece of malware by the name of Joker has surfaced. It is a trojan that not long ago began targeting Android devices specifically, stealing SMS messages, contact lists and device information. The cybersecurity researchers at CSIS have confirmed that Joker is one of the newer malware families putting Android devices in danger. It not only steals information but also silently signs the victim up for premium Wireless Application Protocol (WAP) services. The ways the final payload is delivered fall into three categories: direct download, one-stage download, and two-stage download.

Direct download

In this case the final payload is delivered through a direct URL obtained from the command and control (C&C) server. The infected Google Play store application carries the C&C address in its own code, hidden behind chain obfuscation. After installation, the infected application contacts the C&C server, which responds with the URL of the final payload.

One-stage download

Experts have observed that in this variant the infected Google Play app uses a stager payload to retrieve the final payload. “That’s why the infected Google Play store app has the stager payload URL, that is encoded in the code itself and encrypted utilizing the Advanced Encryption Standard (AES). However, the main job of this stager payload is to retrieve the final payload URL from the code and then download it.”

Two-stage download

In this case the infected Google Play store applications go through two payload downloads to reach the final payload: the infected application downloads the stage one payload, which downloads the stage two payload, which in turn loads the final Joker payload.

Once the stage one payload has finished executing, it downloads the stage two payload, and the stage two payload behaves the same way as the stage one payload.
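As an added example (not code from the original post or from CSIS), the three delivery schemes above can be told apart by following the download chain recorded during dynamic analysis and counting how many stager payloads sit in front of the final one. The URLs and analysis notes below are constructed placeholders, and the "kind" labels are an assumed convention for the notes.

```python
# Added example: tracing a Joker-style download chain from analysis notes and
# classifying it as direct, one-stage or two-stage. Not from the original post.

# Constructed analysis notes. Each observed URL maps to what its response was:
#   "c2":      a C&C response that only carries the next URL (direct download)
#   "stager":  a downloaded stager payload whose job is to fetch the next URL
#   "payload": the final payload, end of the chain
# All URLs use the reserved .invalid TLD; they are placeholders, not indicators.
FETCH_NOTES = {
    "https://c2.invalid/cfg":        {"kind": "c2",      "next": "https://cdn.invalid/final.dex"},
    "https://s1.invalid/stage1":     {"kind": "stager",  "next": "https://s2.invalid/stage2"},
    "https://s2.invalid/stage2":     {"kind": "stager",  "next": "https://cdn.invalid/final.dex"},
    "https://s3.invalid/stage_only": {"kind": "stager",  "next": "https://cdn.invalid/final.dex"},
    "https://loop.invalid/a":        {"kind": "stager",  "next": "https://loop.invalid/b"},
    "https://loop.invalid/b":        {"kind": "stager",  "next": "https://loop.invalid/a"},
    "https://cdn.invalid/final.dex": {"kind": "payload", "next": None},
}

def trace_chain(start_url, notes, max_hops=5):
    """Follow the chain from the URL embedded in the app to the final payload.

    Returns the ordered list of URLs visited. Raises ValueError on an unknown
    URL, a loop, or a chain longer than max_hops, all of which mean the notes
    are incomplete or the sample is doing something the model does not cover.
    """
    chain = [start_url]
    url = start_url
    for _ in range(max_hops):
        entry = notes.get(url)
        if entry is None:
            raise ValueError(f"no analysis record for {url}")
        if entry["kind"] == "payload":
            return chain
        url = entry["next"]
        if url in chain:
            raise ValueError(f"download loop at {url}")
        chain.append(url)
    raise ValueError("chain exceeds max_hops")

def classify_delivery(chain, notes):
    """Name the delivery scheme by counting stager payloads before the final one."""
    stagers = sum(1 for u in chain if notes[u]["kind"] == "stager")
    return {0: "direct", 1: "one-stage", 2: "two-stage"}.get(stagers, f"{stagers}-stage")

if __name__ == "__main__":
    for start in ("https://c2.invalid/cfg", "https://s3.invalid/stage_only",
                  "https://s1.invalid/stage1"):
        chain = trace_chain(start, FETCH_NOTES)
        print(classify_delivery(chain, FETCH_NOTES), "->", " -> ".join(chain))
```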

Sources: https://cybersecuritynews.com/joker-android-trojan/