More than 500,000 Huawei users have been infected by Joker, the notorious Android malware.
Joker, the notorious Android malware family, has compromised over 500,000 Huawei users and forced them to pay for unnecessary premium mobile services. The malware has infected ten apparently harmless applications on the official Android store for Huawei devices, the AppGallery, according to Doctor Web.
Joker, dubbed “malware that signs you up for expensive services,” has been sweeping Android markets for several years. The Joker malware family has generally infected apps on Google’s Play Store, but this is the first time it has infected Huawei’s store. Huawei users are currently unable to access the Google Play Store due to US trade restrictions, and must instead rely on the company’s own AppGallery platform.
Observations
According to a study by Doctor Web, the malicious apps’ advertised functionality was preserved, but their downloaded components were subscribing users to premium mobile services. The analysis of the malicious code showed that, once enabled within the app, it connected to a Command and Control (C2) server to obtain additional configurations and components.
To remain undetected, the compromised apps requested notification access so that they could intercept confirmation codes sent over SMS by the subscription service without the victims’ knowledge. The malware-infected apps could sign up an infected user for up to five different services. However, the malware’s creators can modify this restriction at any time. A launcher, a camera application, an online messenger, colouring programs, a sticker set, virtual keyboards, and a game are among the malicious applications on the list.
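Because the interception described above depends on the app holding notification access, that grant is a useful thing to audit on a device. The following is an added example, not code from Doctor Web or Huawei: it parses the output of `adb shell settings get secure enabled_notification_listeners` and lists packages the owner did not approve. All package names and the approved list are constructed assumptions.

```python
# Added example: audit which apps hold Android notification access.
# Input is the text printed by:
#   adb shell settings get secure enabled_notification_listeners
# (colon-separated "package/class" component names, or "null" when unset).

def parse_listeners(raw):
    """Return a sorted list of (package, full_class) with notification access."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    found = set()
    for entry in raw.split(":"):
        entry = entry.strip()
        if "/" not in entry:
            continue  # malformed or empty entry
        package, cls = entry.split("/", 1)
        if cls.startswith("."):  # short form: class name relative to package
            cls = package + cls
        found.add((package, cls))
    return sorted(found)


def unexpected_listeners(raw, approved_packages):
    """Packages holding notification access that the owner did not approve."""
    approved = set(approved_packages)
    return sorted({pkg for pkg, _ in parse_listeners(raw) if pkg not in approved})


# Constructed sample output; every package name here is made up.
SAMPLE = (
    "com.example.wearable/com.example.wearable.NotifyService:"
    "com.example.funkeyboard/.PushListener:"
    "com.example.coloringbook/com.example.coloringbook.sdk.Listener"
)

# Assumption: the owner deliberately granted access only to the wearable app.
APPROVED = ["com.example.wearable"]

if __name__ == "__main__":
    for pkg in unexpected_listeners(SAMPLE, APPROVED):
        print("review notification access for:", pkg)
```

A keyboard, camera or colouring app appearing in this list is worth a closer look, since the app categories named in the report have no obvious need to read notifications.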
The researchers at antivirus company Doctor Web who uncovered the threat noted: “Doctor Web malware analysts come across new versions and modifications of these [Joker] trojans almost daily. They were formerly seen most often on the official Android app store―Google Play. The attackers, however, have apparently decided to expand the scale of their activity and shift their attention to alternative catalogs supported by major players on the mobile device market.”
538,000 Huawei users downloaded these ten malicious apps. Shanxi Kuailaipai Network Technology Co., Ltd. developed the majority of these apps, but two of them were created by others.
Past Developments
Joker has been active on the Android platform since 2017, and it is now one of the most active threats. In January, new Joker malware samples managed to get through Google’s defences and into the Google Play Store. Last year, a new Joker version infiltrated the Google Play Store and compromised users by inserting malicious code into the Android Manifest file.
Damage Control
These malicious applications have been removed from AppGallery, according to Doctor Web. Although new users are no longer able to download them, those who already have them installed must perform a manual cleanup.
About half a million copies of the apps had been downloaded by the time Huawei removed them from AppGallery.
Concluding Words
Despite Google’s efforts to combat them by implementing new policies and defence mechanisms, Joker’s operators are constantly changing their strategies and exploiting every potential weakness in the Play Store’s defences. As a result, smartphone users should exercise extreme caution when downloading new apps, even from reputable sources.