For starters, they found that apps modified in this way have Android Manifest files that contain newer timestamps than the rest of the files in the software package.

Joker has been building its payload before inserting it into the “Android Manifest” file via a dex file, hidden in the form of Base64 encoded strings.

The threat actor behind the Joker Android malware has once again succeeded to successfully slip spyware infected apps onto the Play Store, Google's official Android app store.

In this latest iteration, Joker hides its code in the Android manifest file for an app. By going this route, Joker doesn’t need to access a command and control (C&C) server to download its ...

“The Android Manifest file is common for all Android apps—every app needs to have this configuration file.

Researchers have spotted the first in-the-wild apps to exploit a critical Android vulnerability allowing attackers to inject malicious code into legitimate programs without invalidating their ...