Joker-Harly ain't no joke on your android smartphone
Credits: https://wallpapercrafter.com/75583-joker-harley-quinn-superheroes-artist-artwork-digital-art-hd-4k-dribbble-cosplay.html


Our smartphones are portable, yet they pack so much computational power and contain everyone's sensitive information, and their applications require a vast array of permissions.

We have cited several official applications on the Google Play Store that were directly attributable to malware hashes based on analysis and unrivalled detection by Protectstar AI Antivirus PRO with Protectstar AI Firewall PRO intercepting malicious C2 server traffic connections.

Credits: Google Play Store

Let us look at the application called "BinBin Flash". We urge end-users never to play any games by installing malware on their devices: when Joker Harly malware gets a subscription running, your digital wallets will feel the pinch.

About BinBin Flash

Flashlight LED Torch is a versatile lightning app that guides you down the dark path. Strobe light effects increase the excitement of a party, club or stadium. A long-lasting flashlight becomes your emergency light when you need it in the dark.

Permissions noted during our analysis

  • android.permission.CALL_PHONE
  • android.permission.READ_CONTACTS
  • android.permission.CHANGE_NETWORK_STATE
  • android.permission.RECEIVE_BOOT_COMPLETED
  • android.permission.REORDER_TASKS
  • android.permission.ACCESS_WIFI_STATE
  • com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
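
The permission list above can be checked mechanically against what a torch app plausibly needs. The following is an added example, not code from the original article: it parses a constructed manifest carrying the permissions listed above and reports everything outside an assumed flashlight baseline. The baseline, the severity labels and the package name com.example.flashlight are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline for a torch app: camera/flash access only.
FLASHLIGHT_BASELINE = {"android.permission.CAMERA", "android.permission.FLASHLIGHT"}

# What each permission allows, with an assumed triage severity.
RISK_NOTES = {
    "android.permission.CALL_PHONE": ("high", "place calls without the dialer UI"),
    "android.permission.READ_CONTACTS": ("high", "read the address book"),
    "android.permission.CHANGE_NETWORK_STATE": ("medium", "change network connectivity"),
    "android.permission.RECEIVE_BOOT_COMPLETED": ("medium", "get notified at boot and start itself"),
    "android.permission.REORDER_TASKS": ("medium", "reorder foreground/background tasks"),
    "android.permission.ACCESS_WIFI_STATE": ("low", "read Wi-Fi network information"),
}
ORDER = {"high": 0, "medium": 1, "review": 2, "low": 3}

# Constructed manifest: the permissions listed above plus CAMERA.
_PERMS = list(RISK_NOTES) + [
    "android.permission.CAMERA",
    "com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE",
]
SAMPLE_MANIFEST = (
    '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
    'package="com.example.flashlight">'
    + "".join(f'<uses-permission android:name="{p}"/>' for p in _PERMS)
    + "</manifest>"
)

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {el.get(ANDROID_NS + "name") for t in tags for el in root.iter(t)} - {None}

def audit_manifest(manifest_xml, baseline):
    """List (severity, permission, note) for every permission outside the baseline."""
    findings = []
    for perm in requested_permissions(manifest_xml) - baseline:
        severity, note = RISK_NOTES.get(perm, ("review", "not in the table; check manually"))
        findings.append((severity, perm, note))
    return sorted(findings, key=lambda f: (ORDER[f[0]], f[1]))

if __name__ == "__main__":
    for severity, perm, note in audit_manifest(SAMPLE_MANIFEST, FLASHLIGHT_BASELINE):
        print(f"{severity:7} {perm}  ({note})")
```
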

Refer to the URLs provided below for full technical insights.

There has been a recent surge in Harly malware targeting Android users worldwide, with true malicious intent in every sense of the word. We guesstimate that there have been around 250+ malicious applications found on the Google Play Store with Joker Harly since late 2019/early 2020, with approximately 5 million estimated downloads.

It is imperative to note that Google has phenomenal cybersecurity business practices, which were elevated when it acquired a leader in the industry, Mandiant. Unfortunately, even if Google Play is inspected carefully, application moderators are not always able to catch these applications before they are released to the public via the Google Play Store.

Stealing your digital funds through malicious subscriptions #Trojan.AndroidOS.Harly

Credits: Crowdstrike Hybrid Analysis test we conducted today

It is alarming that, when the sample from the Android smartphone in our cyber threat lab was tested with a plethora of AV providers, between 17% and 43% could detect this new variant, which we have identified with SHA-256 hash: ec4f58e8c0bb604870978e2f271420017e3a47b3e62a6762f5deca3dc5f55960 via Hybrid Analysis.

File analysis URLs:

VirusTotal: https://www.virustotal.com/gui/file/98fc1874772bc1a4eac483b4f50b7d36900c29ca3d5711cb6a3b8462854d8f05/detection

Crowdstrike Hybrid-Analysis: https://www.hybrid-analysis.com/sample/98fc1874772bc1a4eac483b4f50b7d36900c29ca3d5711cb6a3b8462854d8f05#

MITRE ATT&CK Techniques Detection:

Credits: Effectualness ZA Chromebook

Joker-Harly trojans imitate official applications on the Play Store. Hackers download the official application from Google Play via an APK extractor, open up the binaries in their DEX form, modify them and repackage them under another application name. They bypass strict security protocols because the malicious intent unlocks itself only once the application is installed on your Android smartphone. When you open the application even once, it silently sends out data packets of instructions to the malicious scammers' C2 servers, which silently start dropping more malware onto your smartphone to enable the bad actor's cyber kill-chain activities.
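
A repackaged application leaves measurable differences from the genuine one, which an analyst can check when both files are at hand. The following is an added example, not code from the original article: it hashes every entry of two APK archives and reports changed code and a changed signer. The two archives are small constructed stand-ins with placeholder contents, and the check assumes v1 (JAR) signature files under META-INF; newer signature schemes store the signer in the APK Signing Block, which is not a ZIP entry.

```python
import hashlib
import io
import zipfile

def build_apk(entries):
    """Build a small in-memory ZIP standing in for an APK (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed stand-ins: contents are placeholders, not real DEX or certificates.
OFFICIAL_APK = build_apk({
    "AndroidManifest.xml": b"package=com.example.official",
    "classes.dex": b"original code",
    "META-INF/CERT.RSA": b"developer certificate",
    "res/icon.png": b"icon",
})
SUSPECT_APK = build_apk({
    "AndroidManifest.xml": b"package=com.example.lookalike",
    "classes.dex": b"original code + added loader",
    "classes2.dex": b"extra code",
    "META-INF/CERT.RSA": b"different certificate",
    "res/icon.png": b"icon",
})

def entry_digests(apk_bytes):
    """Map every archive entry to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return {n: hashlib.sha256(z.read(n)).hexdigest() for n in z.namelist()}

def repackaging_report(official, candidate):
    """Compare a candidate APK with the genuine one, entry by entry."""
    a, b = entry_digests(official), entry_digests(candidate)
    changed = sorted(n for n in a.keys() & b.keys() if a[n] != b[n])
    added, removed = sorted(b.keys() - a.keys()), sorted(a.keys() - b.keys())
    touched = changed + added
    signer = any(n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC"))
                 for n in touched)
    code = any(n.endswith(".dex") for n in touched)
    return {"changed": changed, "added": added, "removed": removed,
            "signer_changed": signer, "code_changed": code,
            "repackaged": signer and code}

if __name__ == "__main__":
    print(repackaging_report(OFFICIAL_APK, SUSPECT_APK))
```

On real files, the signer should be read with a signature-aware tool such as apksigner verify --print-certs rather than from META-INF alone.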

We strongly believe that our smartphones are the perfect and silent weapon that bad actors can exploit to gain advances in our computers and critical infrastructure, amongst other things. As we know how lovely it is to tune our smart homes from the comfort of our smartphones wherever we go, hackers seek to exploit carte blanche control in order to commit harm to the end-user for their own glory.

What can you do to protect yourself from cyber risks just like Joker Harly?

  1. Always install applications from the official application stores, as they are doing their best to catch malware-infected applications before they are released to the general public;
  2. It will never hurt to randomly sample user reviews of the application on Google Play. Just a word of caution: even scammers sign up for Google accounts to post reviews on how PRO certain applications are, so always be cautious and question everything;
  3. We strongly recommend that you follow our cyber-smart insights and tips contained within our recently published Effectualness Personal Cyberspace Defenders Kit, as it will help you live in a more secure digital environment. Also take notes from our malware testing on our YouTube channel, as we focus a lot on Android security testing: there are many applications on Google Play that waste end-users' time and space, with upgrades to the premium version just for bells and whistles that are ineffective. Our purpose is to help end-users illuminate their smartphone attack surface to make informed decisions. Access our kit on our LinkedIn page or via this secure URL directly: https://effectualness-za.hubspotpagebuilder.com/effectualness-personal-cyberspace-defenders-kit

Gain Cyber-Smart Insights and Tips here: https://www.youtube.com/@effectualness

Credits: Effectualness - Youtube Channel

We wish everyone a cyber-smart day wherever you are in our world, and always make cyber-smart decisions when you interact with your amazingly snazzy tech on a daily basis. We are confident that end-users like yourself will find immense value in our Effectualness Personal Cyberspace Defenders Kit, with a brief snippet in a video below that debuts at 6 pm SAST this evening.

Best Wishes,

The Effectualness Team
