CSIS Security Group analyst Aleksejs Kuprins made the discovery, which he wrote about in a Medium post. Joker surreptitiously signs its victims up to premium subscription services by simulating the sign-up process. It also steals SMS messages, contact lists, and device information.
Kuprins explains that “the automated interaction with the advertisement websites includes simulation of clicks and entering of the authorization codes for premium service subscriptions.”