Cyber-security researchers over at CSIS have detailed a scary new Android malware that they say is designed to silently sign-up unsuspecting users up for online subscription services. Named ‘Joker’ by the CSIS researchers, the malware starts off as a Trojan that delivers a second stage component, which, the researchers say, is both a spyware and a stealthy subscription bot that “silently simulates the interaction with advertisement websites, steals the victim’s SMS messages, the contact list and device info”.

According to CSIS malware analyst, Aleksejs Kuprins, the automated interaction with the advertisement websites includes simulation of clicks and entering of the authorization codes for premium service subscriptions. “This strategy works by automating the necessary interaction with the premium offer’s webpage, entering the operator’s offer code, then waiting for a SMS message with a confirmation code and extracting it using regular expressions. Finally, the Joker submits the extracted code to the offer’s webpage, in order to authorize the premium subscription”, he said.

The malware is said to be found in at least 24 Android apps with more than 472,000 installs on Google Play and, is said to have affected users in at least 37 countries, including India, the UK and the US. Thankfully, though, Google has already been removing these apps even before being notified by CSIS.

Android is no stranger to malicious apps, with reports of widespread malware a dime-a-dozen. The company last July removed a bunch of malicious apps from the Play Store to contain the nasty ‘Agent Smith’ malware, which is said to have affected 25 million devices, largely in India, Pakistan and Bangladesh.