We’ve spoken about the Joker malware before, of course. Awhile back, news emerged that a number of apps on the Google Play Store contained malware that stole social media credentials, while newer variants of the Joker virus were also hidden in various apps on the official Android app store. However, it now looks like the malware is migrating across to a brand new platform, one that was only recently created: the Huawei AppGallery.
According to a new report from Bleeping Computer, over 500,000 Huawei users have been discovered to have downloaded Joker-infected apps from the AppGallery. This malware automatically uses your device to subscribe to premium mobile services—without you knowing—with infected apps containing code to connect to a command-and-control server for instructions.
What’s worrying is that the infected apps can be difficult to detect, given the fact that many of these apps actually work as advertised (with added, unwanted functionality, of course). The apps usually also require access permissions to notifications—which allow the apps to access verification codes that are usually sent via SMS. All in all, the Joker malware can subscribe unknowing users to multiple paid services at any time—with a maximum of five at the same time.
If you want to avoid these apps (and you would, I’m guessing), Doctor Web reports that most of these come from Shanxi Kuailaipai Network Technology, with the following apps downloaded the most:
- Super Keyboard
- Happy Colour
- Fun Color
- New 2021 Keyboard
- Camera MX – Photo Video Camera
- BeautyPlus Cmaera
- Color RollingIcon
- Funney Meme Emoji
- Happy Tapping
- All-in-One Messenger
These apps have since been removed by Huawei, although if you have already installed them, be sure to manually check through your device to delete the apps, as well as associated installation packages and system files.
The Joker malware has been around for a number of years now, first emerging in 2017. It has mostly targeted apps in the Google Play Store, but with the AppGallery also listing Android mobile apps (new Huawei devices no longer have access to the Play Store or GMS), this new migration makes a degree of sense. Due to the difficulty of detecting infected apps, you’re best advised to always be on the lookout for apps that require more permissions than they should, while you should also try to avoid saving payment details in your phone if possible.
For the full report from Dr Web, click here.