Joker is a malicious code as a system app and allows attackers to perform a broad range of malicious operations, including damage the Google Play Protect service, install malicious apps, generate fake reviews. spyware successfully steal data of SMS messaging, contact list. Upon downloading and executing the apparently harmless apps, they worked as users would have expected to avoid raising suspicion. To pass the Google checks on apps, the author of Joker basically used an obfuscation technique to hide its malicious code in the application as Base64 encoded strings. Once the malware is executed it connects to the C&C server to receive the necessary configuration and download and launch one of the additional components. The example shown in researchers report is an app for providing images of flowers to use as wallpaper.