Over 5 lakh Huawei Android devices infected with Joker malware
Over five lakh Huawei users reportedly downloaded apps from Huawei’s official app store thinking they were legitimate apps, only to get infected with the notorious Joker malware. According to a report from Bleeping Computer, security firm Dr Web disclosed that ten applications on the company’s AppGallery were masquerading as official apps, and retained the functionality of the apps they were impersonating — only to perform malicious tasks in the background.
The security firm revealed the security issues recently, stating that it regularly comes across new versions and modifications of the malware, which was initially discovered in 2019. “In total, our specialists discovered that 10 modifications of these trojans have found their way onto AppGallery, with more than 538,000 users having installed them,” Dr Web stated on its website.
Because the malicious apps retained all their original functionality, they worked as expected when a user launched them, which, the security firm said, let them stay below the radar without being detected by the user. The trojans pretended to be virtual keyboards, a camera app, a launcher, a messaging app, a sticker collection, colouring programs and a game. According to Dr Web, eight of these malware-laden apps were published by “Shanxi kuailaipai network technology co., ltd” while the remaining apps were published by the developer “何斌”.
Once launched, the trojans would connect to a command and control (C&C) server and receive instructions to download and execute additional components. As with other variants of the Joker malware, the software signs the user up for premium mobile services and subscriptions. The apps also request access to notifications so that they can intercept incoming SMS messages from premium services and obtain the confirmation code, according to Dr Web.
The company said that Huawei unpublished the apps from the AppGallery store after being alerted to their existence, and that an additional investigation would be conducted to minimise the risk of such an incident occurring in the future. Dr Web says that its antimalware tool can detect and remove all of the trojans it identified from the AppGallery, something that might come in handy for devices that do not have access to Google Play Protect.