Over 500,000 Huawei users were infected with Joker malware after downloading tainted apps from the company’s official Android app store.
Doctor Web’s virus analysts discovered the first malware on AppGallery, the official app store of Android device manufacturer Huawei.
The malicious apps were camouflaged as virtual keyboards, a camera app, a launcher, an online messenger, a sticker collection, colouring programs, and a game. Eight of these apps were developed by Shanxi kuailaipai network technology co., ltd, and the remaining two by a different developer. Doctor Web says that more than 538,000 Huawei users downloaded these ten apps.
Even though new users can no longer download them, those who already have the apps running on their devices need to run a manual cleanup.
The table below lists the name of the application and its package:
| Application name | Package name |
| --- | --- |
| Super Keyboard | com.nova.superkeyboard |
| Happy Colour | com.colour.syuhgbvcff |
| Fun Color | com.funcolor.toucheffects |
| New 2021 Keyboard | com.newyear.onekeyboard |
| Camera MX - Photo Video Camera | com.sdkfj.uhbnji.dsfeff |
| BeautyPlus Camera | com.beautyplus.excetwa.camera |
| Color RollingIcon | com.hwcolor.jinbao.rollingicon |
| Funney Meme Emoji | com.meme.rouijhhkl |
| Happy Tapping | com.tap.tap.duedd |
| All-in-One Messenger | com.messenger.sjdoifo |
Once the malware is executed, it connects to the C&C server to receive the necessary configuration and download and launch one of the additional components.
According to the Doctor Web report, the malicious apps retained their advertised functionality but downloaded components that subscribed to premium mobile services.
“The downloaded component is responsible for automatically subscribing Android device users to premium mobile services. In addition, the decoy apps request access to notifications that they will later need to intercept incoming SMS from premium services with subscription confirmation codes,” reads the report.
“The same apps set the limit on the number of successfully activated premium services for each user. By default, the limit is set to 5, but it can be increased or decreased upon receiving the configuration from the C&C server.”
Huawei users who have already installed the malicious apps have to remove them manually.
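For the manual cleanup, the following added example (not from Doctor Web's report or from Huawei) checks a device's package list against the ten package names in the table and reports whether each match currently holds notification access, the permission the report says the apps use to read confirmation codes. It assumes a device reachable over `adb`; the sample input and the listener class names in it are constructed.

```python
import subprocess
import sys

# Package names from the table above (the ten apps listed by Doctor Web).
JOKER_PACKAGES = {
    "com.nova.superkeyboard", "com.colour.syuhgbvcff",
    "com.funcolor.toucheffects", "com.newyear.onekeyboard",
    "com.sdkfj.uhbnji.dsfeff", "com.beautyplus.excetwa.camera",
    "com.hwcolor.jinbao.rollingicon", "com.meme.rouijhhkl",
    "com.tap.tap.duedd", "com.messenger.sjdoifo",
}

def installed_packages(pm_output):
    """Parse `pm list packages` output, one "package:<name>" per line."""
    lines = (line.strip() for line in pm_output.splitlines())
    return {l[len("package:"):] for l in lines if l.startswith("package:")}

def notification_listeners(setting_value):
    """Parse enabled_notification_listeners ("pkg/Class:pkg/Class")."""
    value = setting_value.strip()
    if value in ("", "null"):  # `settings get` prints "null" when unset
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}

def audit(pm_output, setting_value):
    """Return {package: has_notification_access} for listed apps found."""
    listeners = notification_listeners(setting_value)
    found = installed_packages(pm_output) & JOKER_PACKAGES
    return {pkg: pkg in listeners for pkg in sorted(found)}

def adb(*args):
    """Run a command on the connected device and return its stdout."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

# Constructed sample input, not taken from a real device.
SAMPLE_PM = ("package:com.android.settings\n"
             "package:com.nova.superkeyboard\npackage:com.tap.tap.duedd\n")
SAMPLE_LISTENERS = ("com.nova.superkeyboard/com.example.Listener:"
                    "com.android.systemui/com.example.Other\n")

if __name__ == "__main__":
    if "--device" in sys.argv:  # query a real device instead of the sample
        result = audit(adb("pm", "list", "packages"),
                       adb("settings", "get", "secure",
                           "enabled_notification_listeners"))
    else:
        result = audit(SAMPLE_PM, SAMPLE_LISTENERS)
    for pkg, access in result.items():
        print(f"{pkg}: installed, notification access: {access}")
```

Any package the script reports can be removed with `adb uninstall <package>` or through the device's app settings.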