The security team of Google publicly share what it can be fraudulent monetary fraud that does not stop trying to install its malware on The toy store.
This malware is called & # 39; Bread & # 39 ;, better known as the & # 39; Joker & # 39; and that last September received 24 applications that received over 500,000 downloads. Google claims to be a persistent organized attacker who tries its best to avoid all Google Play Protect protection.
This is the & # 39; Joker & # 39; how it works
& # 39; Joker & # 39; s a malware that uses malicious programs trying to install us premium subscription services Cheating. It was first introduced in 2017 and they use the Premium SMS scam first, but due to the protection of newer versions of Android and Play Protect against sending unauthorized SMS they go to beads WAP billing.
WAP billing is a payment method they use to allow us to send premium subscription services by simply clicking on the link, and automatically registering our phone number and charging their price from our invoice.
Malicious applications employ new and old techniques to hide and hide your ** intentions to protect your Google Play purposes. However, Google Play Protect has managed to find common ground to prevent many of them from accessing Google Play, remove 1,700 requests The & # 39; Joker & # 39; s before being downloaded by users.
Google's details of what these malicious programs do is first introduce a the first pure type without malware full false ratings and inadequate terms and conditions. This increases the number of downloads so users think the app is safe.
Later they tried to pull a update with malware that you can sign up for a premium service by opening the system and then you should contact your operator to stop charging for that service.
Google reports that & # 39; Joker & # 39; s malware developers are the most active assets, with three or more variants. The company saw how they sent out 23 different applications in one day. When they realized that they would not be able to interrupt a malicious application, they took a break and returned to another attack a few weeks later.
Via | 9to5Google
