Half a million Huawei Android phones hit by Joker malware

Security researchers have found that over 500,000 Huawei smartphone users have downloaded applications tainted with the Joker malware, which subscribes unwitting users to premium mobile services.

The Joker family of malware has been infecting apps on Google's Play Store for the last few years, but this is the first instance of it cropping up on Huawei’s platform. Huawei users are currently unable to access the Google Play Store due to US trade sanctions, and instead use the company's in-house AppGallery platform.

"Doctor Web malware analysts come across new versions and modifications of these [Joker] trojans almost daily. They were formerly seen most often on the official Android app store―Google Play. The attackers, however, have apparently decided to expand the scale of their activity and shift their attention to alternative catalogs supported by major players on the mobile device market," noted the researchers at antivirus company Doctor Web who uncovered the threat.

Subdued notifications

The researchers found the malware masquerading inside ten seemingly harmless apps in AppGallery. While the apps functioned as advertised, they conducted the unscrupulous activity in the background.

Analysis of the malicious code revealed that once activated inside the app, it would connect to a command and control (C2) server to receive additional configurations and components. These were then used to surreptitiously subscribe users to premium mobile services. 

In order to intercept and respond to any confirmation code delivered via SMS by the subscription service, the infected apps would request access to notifications.
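Because the campaign depends on notification access, one practical check is to list which installed packages currently hold it. The following is an added example, not code from Doctor Web or the original article: it parses the stock Android secure setting `enabled_notification_listeners` (a colon-separated list of `package/class` components) and flags packages outside an expected set. The package names and the allowlist are constructed placeholders.

```python
"""Audit which Android packages hold notification-listener access."""
import subprocess

# Assumption: packages the device owner expects to have this access (hypothetical names).
EXPECTED = {"com.example.wearable.companion"}

# Constructed sample of the setting's value, not captured from a real device.
SAMPLE = ("com.example.wearable.companion/.NotifService:"
          "com.example.camera.filters/com.example.camera.filters.Listener\n")


def parse_listeners(setting_value):
    """Return {package: [listener classes]} from the raw setting value."""
    listeners = {}
    value = (setting_value or "").strip()
    if value in ("", "null"):  # `settings get` prints "null" when the key is unset
        return listeners
    for component in value.split(":"):
        component = component.strip()
        if not component:
            continue
        pkg, _, cls = component.partition("/")
        if cls.startswith("."):  # short form is relative to the package name
            cls = pkg + cls
        listeners.setdefault(pkg, []).append(cls)
    return listeners


def unexpected_listeners(setting_value, expected=EXPECTED):
    """Packages with notification access that are not in the expected set."""
    return sorted(p for p in parse_listeners(setting_value) if p not in expected)


def read_from_device():
    """Read the setting from a connected device; requires adb and USB debugging."""
    result = subprocess.run(
        ["adb", "shell", "settings", "get", "secure",
         "enabled_notification_listeners"],
        capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    # Swap SAMPLE for read_from_device() to audit a real handset.
    for pkg in unexpected_listeners(SAMPLE):
        print(f"review notification access for: {pkg}")
```

A photo or utility app appearing in this list has no obvious need to read notifications and is worth reviewing under the device's notification access settings.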

The researchers observed that while the malware in this latest campaign subscribed the users to a maximum of five services, there was nothing that prevented the threat actors from upping this number any time they wished.

A majority of the apps were developed by a single developer, while two came from another one. In all, the researchers note, over half a million copies of the apps had been downloaded by the time Huawei removed them from AppGallery after being notified by the researchers.

Via: BleepingComputer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.