According to Belgian police, the “Joker” virus, which targets Android devices and hides in numerous applications on the Google Play Store, has made a comeback. This software can automatically subscribe users to payment systems and empty their bank accounts without their knowledge.

“This malicious program has been detected in eight Play Store applications that Google has suppressed,” said the Belgian authorities in a statement published this Friday, Aug. 20, on their website.

In 2017, the “Joker” malware made headlines for infecting and stealing funds from people by lurking in several programs. Since then, Google Play Store defensive systems have identified and eliminated over 1,700 apps that contain the “Joker” malware before they are downloaded by users, Entrepreneur reported.

The “Joker” virus was discovered in 24 Android applications in September 2020, with over 500 thousand downloads before being deactivated. It is estimated that more than 30 countries were affected at the time, including the U.S., Brazil, and Spain. Through unauthorized subscriptions, hackers could steal up to $7 per subscription weekly, a figure that has most likely increased in recent months.

How does the Joker virus work in Android apps?

The Joker Trojan infection—a part of the “Break” malware family, is right out of a hacker’s playbook. In addition to gaining unauthorized access to one’s invoices, the spyware allows some operations without the user’s approval.

The virus has spread far and wide! It can infect the victim’s smartphone’s SMS, contacts, and other information.

The insidious virus can automatically subscribe customers to pricey premium services without their knowledge, most of which are paid monthly. The majority of malware in the Break family used SMS to commit fraud, India Times reported.

However, as the service becomes outdated in the face of text messaging apps, the malware has moved on to payment systems.

The majority of telephone companies have partnered with suppliers to allow for the payment of mobile bills that necessitate device verification but not user authorization. Unfortunately, the joker virus takes advantage of this flaw.

“You risk a big surprise at the end of the month in your bank account or on your credit card,” said the Belgian police, referring to the unknown charges that the victim will see at the end of the month.

​​In which Android apps could the ‘Joker virus be?

The following are the malicious applications that were removed from the Google Play Store after the “Joker” virus was discovered:

  • Auxiliary Message
  • Element Scanner
  • Fast Magic SMS
  • Free CamScanner
  • Go Messages
  • Super Message
  • Super SMS
  • Travel Wallpapers

Other experts, however, warn that more apps are compromised, resulting in millions of users who are unaware that they are already victims of cyber theft.

According to La Razón, the cybersecurity firm Zscaler has made public the identities of 16 more apps that, according to its investigation, contain the same dangerous code:

  • Private SMS
  • Hummingbird PDF Converter – Photo to PDF
  • Style Photo Collage
  • Talent Photo Editor – Blur focus
  • Paper Doc Scanner
  • All Good PDF Scanner
  • Care Message
  • Part Message
  • Blue Scanner
  • Direct Messenger
  • One Sentence Translator – Multifunctional Translator
  • Mint Leaf Message-Your Private Message
  • Unique Keyboard – Fancy Fonts & Free Emoticons
  • Tangram App Lock
  • Desire Translate
  • Meticulous Scanner

Of course, Android users should check to see if they have any of these apps installed on their smartphones and delete them at once. But, unfortunately, just because they’ve been deleted from the Google Play Store doesn’t mean they’re gone from the computers where they were downloaded.