Cybersecurity team Pradeo has alerted Google to urgently remove six applications from the Google Play store after it was discovered that they contain the sinister Joker malware, which has spyware capabilities and can sign individuals up to costly subscriptions without their knowledge.
In Pradeo’s research blog, Roxane Suau stated: “Joker is a malicious bot (categorized as Fleeceware) whose main activity is to simulate clicks and intercept SMS to subscribe to unwanted paid premium services unbeknownst to users. Altogether, the 6 apps account for nearly 200.000 installs.”
Commenting on the news, Michael Barragry, operations lead at Edgescan, explained to the IT Security Guru:
Like every aspect of security, cryptography is an ever-evolving consideration – what was considered secure 2-3 years ago may now be out of date. Much of this is due to researchers who discover implementation weaknesses and/or manage to improve efficiency of algorithms so that theoretical flaws have now become computationally feasible to exploit.
Each of the 3 most broken rules listed below could give rise to a variety of vulnerabilities:
- Unsafe PRNG: could lead to the compromise of any upstream process which depends upon it – an example could be the generation of a public/private key pair.
- Broken Hash function: Hash functions play a key role in cryptographic signatures – if a weak hash is used this could allow an attacker to forge a TLS certificate and masquerade as another system or device.
- CBC mode: Encryption which uses Cipher Block Chaining mode can often give rise to padding oracle attacks which can allow an attacker to fully decrypt a piece of ciphertext.
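
A minimal static check for the three misuse classes listed above, added here as an example that is not part of the original article or of Barragry's comment: it parses Python source with the standard `ast` module and flags calls into the `random` module, MD5/SHA-1 digests, and CBC mode for review. The rule names and the sample snippet are constructed for illustration, and the check assumes the code under review uses `hashlib`, `cryptography` or PyCryptodome naming.

```python
import ast

WEAK_HASHES = {"md5", "sha1"}    # digests with practical collision attacks
CBC_NAMES = {"CBC", "MODE_CBC"}  # cryptography's modes.CBC, PyCryptodome's AES.MODE_CBC

def dotted(node):
    """Render a Name/Attribute chain such as hashlib.sha1 as 'hashlib.sha1'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""  # base is a call or subscript, not a plain dotted name

def audit(source):
    """Return sorted (line, rule) findings for the three misuse classes."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute) and node.attr in CBC_NAMES:
            findings.add((node.lineno, "cbc-mode"))
        if not isinstance(node, ast.Call):
            continue
        name = dotted(node.func)
        leaf = name.rsplit(".", 1)[-1].lower()
        if name.startswith("random.") and name != "random.SystemRandom":
            findings.add((node.lineno, "unsafe-prng"))   # Mersenne Twister, predictable
        elif leaf in WEAK_HASHES:
            findings.add((node.lineno, "weak-hash"))     # hashlib.md5, hashes.SHA1, ...
        elif name == "hashlib.new" and node.args:
            arg = node.args[0]
            if isinstance(arg, ast.Constant) and str(arg.value).lower() in WEAK_HASHES:
                findings.add((node.lineno, "weak-hash"))
    return sorted(findings)

# Constructed sample input; it is only parsed, never executed.
SAMPLE = '''\
import hashlib, random, secrets
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
key = bytes(random.getrandbits(8) for _ in range(32))
good_key = secrets.token_bytes(32)
digest = hashlib.sha1(b"cert").hexdigest()
cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
aead = Cipher(algorithms.AES(key), modes.GCM(nonce))
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A finding is a prompt for review rather than proof of a flaw: `random` is acceptable for non-security uses, and names imported with `from random import ...` are not caught by this check.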