Joker malware: Infected over 500,000 Huawei Android devices!

More than 500,000 Huawei users were infected by Joker malware after downloading infected applications from the company's official Android store. Joker is malicious code that appears as a system application and allows attackers to perform a wide range of malicious actions, including disabling the Google Play Protect service, installing malware, creating fake reviews, and displaying ads. This malware can also steal SMS messages, contact lists and device information, as well as sign victims up for premium service subscriptions.

Experts from Doctor Web, an antivirus protection company, discovered ten applications in AppGallery that contained the malicious code. A post published by Doctor Web states the following: "Doctor Web virus analyzers have uncovered the first malware in AppGallery - the official app store from Android device maker Huawei. They proved to be dangerous Android.Joker trojans that work mainly to register users in premium mobile services. In total, our experts discovered that 10 modifications of these trojans have been found in AppGallery, with more than 538,000 users having installed them."

To keep users in the dark, the infected applications requested access to notifications, which allowed them to steal the confirmation codes that the subscription service delivered via SMS.

According to the researchers, the malware could subscribe a user to a maximum of five services, although the malicious actors could modify that number at any time.

The list of malicious applications included virtual keyboards, a camera application, a launcher, an online messenger, a collection of stickers, coloring programs, and a game.
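
A static triage check for the behaviour described above (notification access requested by apps in categories such as stickers or camera tools), as an added example that is not from Doctor Web or the original article. It assumes manifests already decoded to XML text, for example with apktool; the sample manifests, package names and category labels are constructed.

```python
import xml.etree.ElementTree as ET  # for untrusted APKs prefer defusedxml

ANDROID = "{http://schemas.android.com/apk/res/android}"
LISTENER_PERMISSION = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
LISTENER_ACTION = "android.service.notification.NotificationListenerService"
# Assumption: categories from the article that have no functional need to read
# notifications; launchers and messengers can have one, so they get a review.
UNEXPECTED = {"keyboard", "camera", "stickers", "coloring", "game"}

# Constructed sample manifests (hypothetical packages, not real applications).
STICKER_APP = f"""<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.stickers">
  <application>
    <activity android:name=".MainActivity"/>
    <service android:name=".NoticeService" android:permission="{LISTENER_PERMISSION}">
      <intent-filter><action android:name="{LISTENER_ACTION}"/></intent-filter>
    </service>
  </application>
</manifest>"""
CAMERA_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.camera">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application><activity android:name=".MainActivity"/></application>
</manifest>"""


def notification_listeners(manifest_xml):
    """Return the names of services declared as notification listeners."""
    found = []
    for service in ET.fromstring(manifest_xml).iter("service"):
        guarded = service.get(ANDROID + "permission") == LISTENER_PERMISSION
        actions = {a.get(ANDROID + "name") for a in service.iter("action")}
        if guarded or LISTENER_ACTION in actions:
            found.append(service.get(ANDROID + "name"))
    return found


def triage(manifest_xml, category):
    """Classify an app by whether its notification access fits its category."""
    if not notification_listeners(manifest_xml):
        return "no-listener"
    return "unexpected" if category in UNEXPECTED else "review"


if __name__ == "__main__":
    for label, doc, cat in [("stickers", STICKER_APP, "stickers"),
                            ("camera", CAMERA_APP, "camera")]:
        print(label, triage(doc, cat), notification_listeners(doc))
```

A declared listener only becomes active once the user grants notification access in system settings, so an "unexpected" result is a prompt for manual review rather than proof of infection.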

Most of them came from a developer, Shanxi Kuailaipai Network Technology Co., Ltd. Doctor Web informed Huawei about these applications and the company removed them from AppGallery. While new users can no longer download them, those who already have the applications running on their devices must perform a manual cleanup.

According to the researchers, the same modules that were downloaded from the infected applications in AppGallery also existed in other applications on Google Play, used by other versions of Joker malware.

Once activated, the malware contacts its remote server to receive the configuration file, which contains a list of tasks, websites for premium services, and JavaScript that mimics user interaction.

The history of Joker malware began in 2017, and it has constantly been present in applications distributed through the Google Play store. In October 2019, Tatyana Shishkova, Android malware analyst at Kaspersky, tweeted about more than 70 applications from the official store that contained the malware. Reports of the malware on Google Play continued. In the early 2020s, Google announced that by 2017, it had removed approximately 1,700 applications that had been infected by Joker. Last February, Joker was still in the store, and it continued to bypass Google's defenses even in July of last year.
