The threat actor behind the Joker Android malware has once again succeeded to successfully slip spyware infected apps onto the Play Store, Google’s official Android app store. Check Point researchers who spotted the new Joker variant reported 11 apps to Google, applications that were removed from the official Android marketplace by April 30, 2020. The new method of infection used by Joker includes the following three steps: Build payload first, build its payload beforehand,. Skip payload loading: During evaluation time, Joker does not even try to load the malicious payload. After the evaluation period, after it s been approved, the campaign starts to operate, malicious payload decided and loaded.
Source: https://www.bleepingcomputer.com/news/security/joker-android-malware-keeps-evading-google-play-store-defenses/