Metadata in the binary points to the username "52pojie," a reference to a well-known Chinese cybersecurity forum.

How to Protect Your Device On Google Play, Joker, Facestealer, & Coper Banking Malware
Recent threat intelligence highlights a sophisticated execution chain involving a Windows-based dropper: JOKER Setup.exe
Simulating user clicks to interact with ads and subscription pages. Taking screenshots and making phone calls.