Researchers have discovered that the Joker Android malware infested Huawei's official AppGallery, victimizing more than 500,000 Huawei users.
Capabilities of the Joker Android malware:
According to the research analysis, ten apps on the Huawei AppGallery were found to be carrying the Joker malware. The apps masked the malicious code within themselves and connected to a malicious command-and-control server, which transmitted configurations and supplementary malware components.
The applications containing the Joker malware downloaded supplementary components that subscribed users to premium mobile services, while still providing their advertised functionality.
To mask their presence from victims, the malicious apps request access to notifications.
This lets them block the confirmation codes that the subscription service sends via SMS.
According to the researchers, the malware can subscribe a victim to five services; however, this limit can be modified at any time.
The list of malicious applications included virtual keyboards, a camera app, a launcher, an online messenger, a sticker collection, coloring programs, and a game.
More than 538,000 Huawei users had already downloaded these ten malicious apps.
Doctor Web, a Russian IT services and antivirus company, detected the presence of the Joker malware and reported it to Huawei.
Huawei has since removed the malicious apps from its AppGallery.
While new users can no longer download them, those who already have the apps on their devices need to run a manual cleanup.
Huawei AppGallery malicious apps:
The application names and packages of the 10 Joker Android malware apps are:
- Super Keyboard (com.nova.superkeyboard)
- Happy Colour (com.colour.syuhgbvcff)
- Fun Color (com.funcolor.toucheffects)
- New 2021 Keyboard (com.newyear.onekeyboard)
- Camera MX – Photo Video Camera (com.sdkfj.uhbnji.dsfeff)
- BeautyPlus Camera (com.beautyplus.excetwa.camera)
- Color RollingIcon (com.hwcolor.jinbao.rollingicon)
- Funney Meme Emoji (com.meme.rouijhhkl)
- Happy Tapping (com.tap.tap.duedd)
- All-in-One Messenger (com.messenger.sjdoifo)
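For the manual cleanup mentioned above, the following added example (not code from Doctor Web or Huawei) checks a device's package list against the ten package names and flags any that also hold notification access. It assumes the inputs were captured with `adb shell pm list packages` and `adb shell settings get secure enabled_notification_listeners`; the sample data and service class names are constructed.

```python
# Package names of the ten Joker-carrying apps listed in this article.
JOKER_PACKAGES = {
    "com.nova.superkeyboard": "Super Keyboard",
    "com.colour.syuhgbvcff": "Happy Colour",
    "com.funcolor.toucheffects": "Fun Color",
    "com.newyear.onekeyboard": "New 2021 Keyboard",
    "com.sdkfj.uhbnji.dsfeff": "Camera MX – Photo Video Camera",
    "com.beautyplus.excetwa.camera": "BeautyPlus Camera",
    "com.hwcolor.jinbao.rollingicon": "Color RollingIcon",
    "com.meme.rouijhhkl": "Funney Meme Emoji",
    "com.tap.tap.duedd": "Happy Tapping",
    "com.messenger.sjdoifo": "All-in-One Messenger",
}

def installed_packages(pm_output):
    """Parse `pm list packages` output: one 'package:<name>' entry per line."""
    lines = (line.strip() for line in pm_output.splitlines())
    return {l[len("package:"):] for l in lines if l.startswith("package:")}

def notification_listeners(setting_value):
    """Parse enabled_notification_listeners: colon-separated
    '<package>/<service class>' components, or 'null' when unset."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def audit(pm_output, listeners_value):
    """Return (package, app name, has_notification_access) for each listed app found."""
    installed = installed_packages(pm_output)
    listeners = notification_listeners(listeners_value)
    hits = sorted(installed.intersection(JOKER_PACKAGES))
    return [(pkg, JOKER_PACKAGES[pkg], pkg in listeners) for pkg in hits]

# Constructed sample input, not taken from a real device.
SAMPLE_PM = """package:com.android.settings
package:com.tap.tap.duedd
package:com.nova.superkeyboard
package:com.example.notes
"""
SAMPLE_LISTENERS = ("com.tap.tap.duedd/com.tap.tap.duedd.NotifyService:"
                    "com.example.notes/.SyncListener")

if __name__ == "__main__":
    for pkg, app, access in audit(SAMPLE_PM, SAMPLE_LISTENERS):
        flag = "HOLDS notification access" if access else "no notification access"
        print(f"{app} ({pkg}): installed, {flag}")
```

Any package reported here should be uninstalled, and premium subscriptions on the account reviewed with the mobile carrier.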
After successful activation, the malware communicates with its remote server to obtain a configuration file containing a list of tasks, websites for premium services, and JavaScript that mimics user interaction.
Active history of the Joker Android malware:
The operations of the Joker Android malware can be traced back to at least 2017, when it was widespread and distributed via the Google Play store.
In 2017, more than 70 apps were reportedly compromised by the malware.
Subsequently, Google reported in 2020 that since 2017, more than 1500 Joker-infected apps had been removed from the app store.
Cases of Joker malware exploiting the Google Play Store were also reported in early July last year.