Trojan plague on Google Play from an expert's perspective. This is what we know about Joker and Harry

The Android app store Google Play Store is one of the most common places where an unaware user may encounter malware. All we need is one application that interests us and we can infect our phone with a dangerous virus.

Two Trojans have recently enjoyed a particularly bad reputation. This is the Joker and his improved version of Harly, known for quite a few years. Both names are inspired by the names of comic book villains from the Batman universe, but they can really cause trouble on our phones.

So we decided to ask some burning questions to an international expert. Sergey Shykevich is the head of the threat intelligence department at Check Point Software Technologies. The American-Israeli company provides companies with cybersecurity solutions and constantly monitors new and increasingly popular online threats.

Joker and Harly – everything we know about Trojans impersonating Google Play applications

Let's start from the beginning. Where did Joker and Harly come from and why were they created? – The Joker malware has been active since 2017 and re-emerged in 2022. Its main goal is SMS fraud and message hijacking, Shykevich tells us.

Interestingly, despite their popularity, the exact origins of both Trojans are still shrouded in mystery. It cannot be clearly stated which hacker group is behind the software. We also do not know whether it is a criminal group, a collective working on behalf of a specific state, or maybe a lone shooter.

The question arises how different Joker and Harly are from each other. Harly is certainly a newer model of Trojan, based on the old original. But is Harly's phone infected more dangerous? Is the novelty more popular than the Joker?

– Harly is indeed a popular malware for Android. However, we still believe that Joker was the most dominant malware targeting this system in 2022, the specialist concludes. As Sergey Shykevich adds, Joker was absolutely the most popular malware for mobile systems observed by Chceck Point last year.

However, it is not that Joker and Harly are unique or particularly difficult to diagnose. The detection of these Trojan families will be very similar to the detection of other Android malware, our interlocutor assures.

Joker and Harly – what popular Trojans can do to your phone

One of the most important questions is regarding the capabilities of Joker and Harly. What can Trojans do if we accidentally download applications infected with them?

– Joker's main action is to subscribe to paid premium services on her behalf, but without her knowledge. As part of its capabilities, the malware also has access to SMS messages, which allows the attacker to access one-time passwords sent via SMS, warns Shykevich.

That's not all, because in addition to running up a high bill, the Trojan can even target our savings. – Potentially, Joker may also enable cybercriminals to take over victims' bank accounts, even if they are protected by multi-factor authentication – adds the Wprost.pl interlocutor.

What are the real chances that we will infect our phone with Joker? After all, infected applications usually do not have many downloads and are caught by Google relatively quickly. Is there anything to be afraid of?

– Even if a typical malicious Joker app has several thousand downloads, we have to look at this phenomenon differently. Assuming that there are thousands of such malicious applications, the number of victims is in the millions, argues Check Point specialist.

How not to fall for it? In particular, we should be careful with new applications in the Play Store that are downloaded by only a few users. Hackers often use quite simple applications from several categories for nefarious purposes.

Popular “lures” are apps for simple entertainment or personalizing your smartphone by changing the wallpaper or screensaver. Screen mirror and screen casting applications are also common.