After infecting thousands of Android smartphones via the Google Play Store between 2019 and 2020, the Joker malware has just reached more than 500,000 users on Huawei’s AppGallery. Here is how to detect it.
After the malware that was hiding under the Netflix icon on the Play Store, here is a piece of malware that has affected 500,000 users thanks to the AppGallery, Huawei’s app store.
A malicious application called “Joker”
Joker is a spy app, it was designed to steal your SMS, your contact lists and many other data from your smartphone. Between 2019 and October 2020, we learned that more than a dozen of these applications had been discovered on the Google Play Store, which means that this malware had managed to pass Google’s security check for over a year. Several months later, we just found the Joker malware on the Huawei AppGallery.
In a Doctor Web article, we are told that security researchers found ten seemingly harmless apps in the AppGallery that contained code to connect to a remote server to load additional data and components. The list of malicious apps includes virtual keyboards, a camera app, an app launcher, an instant messenger app, a paint app, and a game.
These applications have been downloaded by more than 538,000 Huawei smartphone users. Thanks to a system authorization access to notifications, they were able to intercept the confirmation codes sent by the subscription service by SMS. This made it possible to steal money from those affected directly on their mobile subscription bill.
- Superkeyboard (com.nova.superkeyboard)
- Happy Color (com.colour.syuhgbvcff)
- Fun Color (com.funcolor.toucheffects)
- New Keyboard 2021 (com.newyear.onekeyboard)
- Camera MX (com.sdkfj.uhbnji.dsfeff)
- Camera BeautyPlus (com.beautyplus.excetwa.camera)
- Color RollingIcon (com.hwcolor.jinbao.rollingicon)
- Funney Meme Emoji (com.meme.rouijhhkl)
- Happy Tapping (com.tap.tap.duedd)
- Messenger All-in-One (com.messenger.sjdoifo)
All app stores are often affected by similar Joker malware attacks. In early 2020, Google announced that it had removed around 1,700 applications infected with the Joker malware. Google performs automatic checks, but this malware is found on many other app stores. Again, you need to be careful while downloading Android apps, especially if you are recovering APK files from unknown sources.