More than 500,000 Huawei users downloaded apps infected with Joker malware

Android Malware

According to the information, more than 500,000 Huawei users downloaded apps infected with Joker malware from the company’s official Android store and subscribed to premium mobile services. Researchers found 10 seemingly harmless applications in AppGallery that contain code that connects to malicious command and control servers to receive configuration and add-ons.

A report by anti-virus vendor Doctor Web pointed out that these malicious applications retain their advertised functions, but the downloaded components allow users to subscribe to advanced mobile services. In order to make users undetectable, the infected application requires access to notifications, which allows them to intercept the confirmation code sent by the subscription service via SMS.

According to the researchers, the malware can subscribe to up to five services for a user, but the threat actor can modify this limit at any time. The list of malicious applications includes virtual keyboards, camera applications, launchers, online messengers, sticker collection, coloring programs, and games.

Most of them are from one developer, and two are from different developers. These ten applications were downloaded by more than 538,000 Huawei users. These apps inform Huawei that the company has deleted these apps from AppGallery.

Application Names:

Super Keyboard
Happy Colour
Fun Color
New 2021 Keyboard
Camera MX – Photo Video Camera
BeautyPlus Camera
Color RollingIcon
Funney Meme Emoji
Happy Tapping
All-in-One Messenger

The researchers said that the same modules downloaded by the infected application in AppGallery also exist in other applications on Google Play and are used by other versions of Joker malware. The complete list of infected apps is available here.

The history of Joker malware can be traced back to 2017, and its traces are constantly being found in applications distributed through the Google Play store. In October 2019, Kaspersky’s Android malware analyst Tatyana Shishkova posted more than 70 hacked apps on Twitter, and these apps have entered the official store.

And reports of malicious software in Google Play continue to appear. At the beginning of 2020, Google announced that since 2017, about 1,700 apps infected with Joker have been deleted. In February last year, Joker still existed in the store, and even in July last year, it continued to slip away from Google’s defense system.

(Via)

Huawei Update Social Platform Links – Facebook, Twitter & Telegram

Min

Min En specializes in smartphone reviews, EMUI/HarmonyOS coverage, and mobile industry analysis. His in-depth knowledge of Huawei's ecosystem, from flagship devices to emerging technologies, makes him a trusted voice in the tech community.