The 'Joker' Virus: Everything You Need To Know – Updated July 2022


The ‘Joker’ virus has been around since 2017, and it has been a recurring threat to Android OS to this day. You’ve probably heard of this virus on more than one occasion. Considering that it surfaced two times in the last couple of months, we’ve decided to give you more detailed information about it.

We’ll start from the beginning, and explain what exactly the ‘Joker’ virus / trojan is. That will, hopefully, help you avoid it moving forward. We’ll also update this article as new occurrences happen, as they’re becoming more frequent.

What is the ‘Joker’ virus?

The ‘Joker’ virus or malware, as it’s often referred to, is malicious code that hides in Android applications. Those applications are usually placed in the Google Play Store, and the malware remains undetected at first. That’s enough for it to do some major damage. This malware is classified as a ‘spyware Trojan’, and it belongs to a family of malware known as “Bread”. The whole goal of this family is to authorize operations without the user’s knowledge or consent, and create financial damage by doing so.


What does it do, exactly?

There are all sorts of misdeeds that this virus / malware can do. It can steal your SMS messages, contact list, and device information. Based on that, it can interact with advertisement websites, and subscribe you to premium services without you knowing about it. That way, it creates financial damage to you, directly. It first relied on SMS fraud, but that wasn’t enough, so it evolved, and it now makes online payments in the background.

When did the ‘Joker’ virus first appear?

The ‘Joker’ malware first popped up back in 2017. Back then, it relied on SMS frauds, but it quickly evolved to do some significant damage in the background, by subscribing users to various services, and affecting their bank accounts.

What other occurrences are worth noting?

This malware appeared in September 2020 as well, when it was found in 24 Android applications. Together, those apps registered over 500,000 downloads, before Google removed them. The malware, at this point, affected people in more than 30 countries around the world, including the US, Brazil, and Spain, amongst others.


In June 2021, it was found in 8 new apps. By the time the report went out, all of those apps were removed from the Google Play Store. This report also clarified that the malware usually spreads via scanner, wallpaper, and messaging applications that end up in the Play Store.

Soon after the previous incident, the ‘Joker’ malware appeared in August 2021. This time around, it was found in 16 applications that were available in the Play Store. Once again, those were mostly PDF scanner apps, SMS apps, and messaging apps in general. This time around it wasn’t clarified how many people downloaded those apps before they were removed.

In October 2021, a Squid Game-related app with Joker malware was spotted in the Google Play Store. The app’s name is “Squid Wallpaper 4K HD”, and it was removed after around 5,000 people downloaded it.


In November 2021, the malware resurfaced. It was spotted in 7 applications in the Play Store. One of them had over 50,000 downloads.

In December 2021, the Joker appeared once again. This time around it made an appearance in an app with over 500,000 downloads (at the time it was removed), and that app was available via the Google Play Store. The app’s name is ‘Color Message’.

The ‘Joker’ came back in July 2022. It was spotted in four applications that have been swiftly removed from the Google Play Store. Together, those apps had over 100,000 downloads.


How many apps were infected since the inception of this virus?

Back in January 2020, Google reported that it removed over 1,700 apps that contained this malware. So, the company did most of the heavy lifting in the process, as it removed most of those apps before cybersecurity companies even noticed. We were unable to find a more recent number, but considering that the malware is being mentioned more frequently by cybersecurity companies, we fear that many more apps got infected.

What can I do to protect myself?

Avoid downloading new apps that seem fishy. As already mentioned, this malware usually hides in apps that pretend to be SMS apps, messaging apps, PDF scanners, and similar. It’s, of course, possible to find it in image editing apps, and so on. Before you download an app, make sure to check the reviews, and if possible, don’t download apps the moment they arrive in the Google Play Store. This may affect the developers, unfortunately, but at least you’ll have some time to make sure it’s not a scam. Alternatively, check where the app is coming from. If it’s a developer that you trust, then feel free to download it. Also, make sure to think about the permissions a specific app asks you for. If they seem unrealistic for that type of app, think twice before you install it.
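One way to apply the permission check described above, as an added example that is not part of the original article: it parses the text printed by the Android SDK's `aapt dump permissions` command and flags sensitive permissions that do not fit the app's type. The sample dumps, the package names and the EXPECTED mapping of app types to permissions are constructed assumptions.

```python
import re

# Permissions covering what the article says Joker takes:
# SMS messages, the contact list, and device information.
SMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
       "android.permission.SEND_SMS"}
SENSITIVE = SMS | {"android.permission.READ_CONTACTS",
                   "android.permission.READ_PHONE_STATE"}

# Assumption: sensitive permissions each app type can plausibly justify.
EXPECTED = {
    "wallpaper": set(),
    "scanner": set(),
    "messaging": SMS | {"android.permission.READ_CONTACTS"},
}

# Matches both aapt styles: "uses-permission: name='X'" and "uses-permission: X".
PERM_RE = re.compile(
    r"^\s*uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)", re.MULTILINE)

def parse_permissions(dump):
    """Return the set of permission names found in an aapt permissions dump."""
    return set(PERM_RE.findall(dump))

def review(app_type, dump):
    """Return (verdict, sensitive permissions that do not fit the app type)."""
    requested = parse_permissions(dump) & SENSITIVE
    unexpected = sorted(requested - EXPECTED.get(app_type, set()))
    if unexpected:
        return "flag", unexpected
    if requested:
        # An SMS app legitimately needs these, and the article notes Joker
        # hides in such apps, so permissions alone cannot clear it.
        return "inconclusive", []
    return "no-sensitive-permissions", []

# Constructed sample dumps (not taken from any real app).
WALLPAPER_DUMP = """package: com.example.wallpaper
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_PHONE_STATE'
"""
SMS_DUMP = """package: com.example.sms
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
"""

if __name__ == "__main__":
    print(review("wallpaper", WALLPAPER_DUMP))
    print(review("messaging", SMS_DUMP))
```

An "inconclusive" result for a messaging app means the permissions fit the app type, so the reviews and the developer still need checking.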

What are the symptoms of infection with the ‘Joker’ malware?

Most of the time, you won’t notice anything, at least based on what we’ve seen thus far. Well, you will notice the damage once you notice a change in your finances, but considering that this virus operates in the background, it can do a lot of damage without your knowledge. It will request some permissions upon app installation, though that’s what every app does. On some occasions, you may notice that your device slowed down a bit, which could be the case with phones that are inferior in regards to hardware. You may also notice new apps popping up on your phone, though that will rarely happen in the app launcher. If that happens, it will be hidden in your app list. This is not as probable though, due to various limitations put into place. Besides, that’s not how the ‘Joker’ usually functions.


Can apps outside of the Play Store be infected?

Of course, though infected apps usually target the Play Store, as far more people download apps that way. When it comes to installing apps outside of the Play Store, you should be extremely careful. Such apps haven’t been properly checked by Google, and can contain various malware. So, if you manually install apps from a third-party source, make sure to install only apps you trust.