Joker Trojan Downloaded 472,000 Times on Android

Bernard Hastings | Last Updated:

Technical Writer

For the better part of a year, the Android world has been reeling from countless malware attacks, personal data hacks and other malicious cybercrimes. This week, the Joker Trojan has made another appearance, infecting 24 apps on Google’s Play Store; it has been downloaded a staggering 472,000 times.

The Trojan essentially scours infected devices in search of as much personal data as it can get, whether that is simple notes, lists, device serial numbers or even text messages. In addition, the Joker Trojan has begun signing devices up to paid subscriptions without the device owner knowing, effectively costing them hundreds of dollars over the long term.

Active Since June

The Trojan may have been active since early June, with Google still failing to pull the malware from its Play Store.

In the time the Trojan has been active, it has been downloaded almost half a million times, and one infected app had been downloaded 100,000 times on its own. What this means is that the Joker Trojan may have found its way into 500,000 Android devices, lurking and stealing data and spending money without approval for months.

How does the Joker Trojan work?

After an infected app is downloaded, the Joker Trojan begins downloading a second component of the malware on its own. Once downloaded, this component then acts as if it were the smartphone user itself, clicking on ads, subscribing to applications and more.

The secondary component also uses its ‘human spoofing’ to sift through the entire contents of a device, harvesting text messages, personal data and more.

One of the primary reasons the Trojan requires access to text messages is to approve subscriptions. When a device requests a subscription, a verification code is often sent via SMS; the Trojan handles this itself, approving the subscription with the verification code.

Lastly, once all of the personal data is collected, the Joker Trojan encrypts it and sends it back to its main control servers, which are currently untraceable.

Countries affected by the Joker Trojan

To make matters worse, the Trojan seems to have spread worldwide, affecting 37 known countries and possibly many more.

A dataset from CSIS Security Group outlined the following affected nations:

“Australia, Austria, Belgium, Brazil, China, Cyprus, Egypt, France, Germany, Ghana, Greece, Honduras, India, Indonesia, Ireland, Italy, Kuwait, Malaysia, Myanmar, Netherlands, Norway, Poland, Portugal, Qatar, Republic of Argentina, Serbia, Singapore, Slovenia, Spain, Sweden, Switzerland, Thailand, Turkey, Ukraine, United Arab Emirates, United Kingdom and United States.”

Staying Safe

Although many users would expect Google to keep its Play Store safe, like Apple’s App Store, this often isn’t the case. Google regularly touts that they are continually searching for malicious apps and removing them from the Play Store; however, this Trojan has been active for four months or possibly longer.

We suggest that you take a good look into what an application requests access to upon installation. If it looks to be asking for access to some rather unexpected sections of your device, then it might be safer to simply delete it. For example, if you’re looking to install a note-taking app, that app shouldn’t request access to text messages, phone calls, photo galleries and other private apps.
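The permission check described above can also be run against an app's decoded AndroidManifest.xml. This is an added example, not part of the original article; the category mapping, function names and sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission groups matching the areas the article calls out as unexpected.
SENSITIVE = {
    "text messages": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "phone calls": {"CALL_PHONE", "READ_CALL_LOG", "READ_PHONE_STATE"},
    "photos/storage": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
}

# Assumption: groups each app category can plausibly justify.
EXPECTED_BY_CATEGORY = {
    "notes": set(),
    "messaging": {"text messages"},
    "gallery": {"photos/storage"},
}

# Constructed sample: a "note-taking" app that also asks for SMS access.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Notes"/>
</manifest>"""

def declared_permissions(manifest_xml):
    """Return every permission name the manifest declares."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {n.get(ANDROID_NS + "name", "") for t in tags for n in root.iter(t)}

def audit(manifest_xml, category):
    """Map each unexpected sensitive group to the permissions that triggered it."""
    allowed = EXPECTED_BY_CATEGORY.get(category, set())  # unknown category: allow none
    findings = {}
    for name in declared_permissions(manifest_xml):
        prefix, _, short = name.rpartition(".")
        if prefix != "android.permission":
            continue  # ignore vendor or custom permissions
        for group, members in SENSITIVE.items():
            if short in members and group not in allowed:
                findings.setdefault(group, []).append(short)
    return {g: sorted(p) for g, p in findings.items()}

if __name__ == "__main__":
    for group, perms in audit(SAMPLE_MANIFEST, "notes").items():
        print(f"unexpected access to {group}: {', '.join(perms)}")
```

An empty result only means that none of the listed permissions were declared; it says nothing about what code the app downloads after installation.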

Remember, installing a VPN service may also be a good idea to keep malware and Trojans from easily interacting with their base services. A reputable VPN service provider such as ExpressVPN, NordVPN or CyberGhost will encrypt and ‘confuse’ certain parts of malware that could render it almost entirely useless.
