More than 500,000 Huawei Android devices have been infected with the Joker malware.
What is Joker malware?
The Joker malware is malicious code disguised as a system app that allows attackers to disable Google Play Protect, install malicious apps, create fake ratings, and display ads.
How does Joker malware work?
The spyware could be used to steal SMS messages, contact lists, and device data, as well as sign victims up for premium service subscriptions.
Doctor Web researchers found ten malicious applications in AppGallery.
More than 500,000 Huawei users have downloaded applications infected with Joker malware that subscribes to premium mobile services from the company’s official Android store.
The Joker-infected Android apps kept their advertised features but downloaded components that subscribed users to premium mobile services, according to a study by antivirus firm Doctor Web.
Infected apps demanded access to notifications in order to keep users in the dark, allowing them to intercept confirmation codes sent via SMS by the subscription service.
The malware could only subscribe a user to a maximum of five providers, according to the researchers, but the threat actor could modify this restriction at any time.
What apps have malware?
The malicious apps found included a virtual keyboard, a camera app, a launcher, an online messenger, a sticker set, colouring apps, and a game.
The majority came from one developer (Shanxi Kuailaipai Network Technology Co., Ltd.), while two came from another. According to Doctor Web, over 538,000 Huawei users have downloaded these ten apps.
These apps were reported to Huawei, and the company removed them from AppGallery. Although new users are no longer able to download them, those who already have them installed must perform a manual cleanup. The application names and package names are listed below:
Joker Malware App List
Application Name – Package Name
Super Keyboard – com.nova.superkeyboard
Happy Colour – com.colour.syuhgbvcff
Fun Color – com.funcolor.toucheffects
New 2021 Keyboard – com.newyear.onekeyboard
Camera MX – Photo Video Camera – com.sdkfj.uhbnji.dsfeff
BeautyPlus Camera – com.beautyplus.excetwa.camera
Color RollingIcon – com.hwcolor.jinbao.rollingicon
Funney Meme Emoji – com.meme.rouijhhkl
Happy Tapping – com.tap.tap.duedd
All-in-One Messenger – com.messenger.sjdoifo
Following execution, the malware connects to the C&C (command and control) server to receive the necessary configuration and to download and launch one of the additional components. That component automatically subscribes the Android device's user to premium mobile services. The apps ask for notification permission in order to intercept incoming SMS from premium services containing subscription confirmation codes.
The same apps place a restriction on how many successfully enabled premium services a user may have. The limit is set to 5 by default, but it can be increased or decreased once the configuration from the C&C server is received.