In an attempt to minimize Joker’s fingerprint, the actor behind it hid the dynamically loaded dex file from sight while still ensuring it is able to load – a technique which is well-known to developers of malware for Windows PCs. This new variant now hides the malicious dex file inside the application as Base64 encoded strings, ready to be decoded and loaded.

Users who believe they've been infected with Joker should follow Check Point Research's advice and uninstall whichever application was responsible for the infection from their device. They should also install a mobile security solution to protect their devices against similar infections in the future. From there, they should keep an eye on their credit card bills and other account statements to see if they've been enrolled in any unfamiliar subscription services. If they have been, they should attempt to unsubscribe. If that doesn't work, they should contact their payment card company to see if they can block the charge directly.

Mobile users can further protect themselves against threats such as Joker by following these best practices on their devices.
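For analysts triaging an app, the Base64-hidden dex technique described above can be checked for statically. The following is an added example, not code from Check Point Research or from the malware: it scans an ordered list of strings already extracted from an app for Base64 that decodes to a DEX header, joining consecutive fragments. The function names and the sample strings are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# A DEX file starts with "dex\n", a three-digit version and a NUL byte.
DEX_MAGIC = re.compile(rb"dex\n(\d{3})\x00")
B64_ONLY = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def dex_version(b64_text):
    """Return the DEX version if b64_text decodes to a DEX header, else None."""
    if len(b64_text) < 12:
        return None
    try:
        # 12 Base64 characters cover the 8-byte magic.
        head = base64.b64decode(b64_text[:12])
    except binascii.Error:
        return None
    m = DEX_MAGIC.match(head)
    return m.group(1).decode() if m else None


def find_embedded_dex(strings):
    """Return (start_index, fragment_count, dex_version) for each hit."""
    hits, i = [], 0
    while i < len(strings):
        joined, j = "", i
        # Extend the run until a string is not Base64 or carries padding.
        while j < len(strings) and B64_ONLY.fullmatch(strings[j]):
            joined += strings[j]
            j += 1
            if joined.endswith("="):
                break
        version = dex_version(joined)
        if version:
            hits.append((i, j - i, version))
            i = j
        else:
            i += 1  # retry from the next string: an identifier may precede the payload
    return hits


# Constructed sample: a fake 40-byte "dex" (header plus zero bytes) split in three.
_b64 = base64.b64encode(b"dex\n035\x00" + bytes(32)).decode()
SAMPLE = ["https://example.invalid/api", "onCreate",
          _b64[:20], _b64[20:40], _b64[40:], "Hello world"]

if __name__ == "__main__":
    print(find_embedded_dex(SAMPLE))
```

A hit only shows that a DEX header is present in encoded form; the decoded payload still needs to be analyzed to decide whether it is malicious.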