Security researchers have found that over half a million Huawei smartphones have been infected with the Joker malware.
The Joker malware has been doing the rounds on Google Play for a while, and signs up the infected phone to premium mobile subscriptions. But this is the first time it’s been spotted on Huawei devices (via BleepingComputer).
The malware was discovered by researchers from Doctor Web, hidden inside 10 harmless-looking apps within Huawei’s AppGallery. Normally, Joker malware spreads through Google Play, but researchers have now realized the people behind it appear to have expanded their efforts to alternative Android app stores.
The apps themselves function as promised, but also do a bunch of nefarious stuff in the background. In the past, Joker apps have been found to subscribe users to premium SMS services, in part by intercepting and responding to SMS confirmation codes. That means users would find themselves with a hefty bill at the end of the month.
What’s more, Joker could also steal contact lists and text messages, in order to help itself spread amongst your friends.
The malware was first disclosed after it made its way to Google Play back in 2019. Google has booted a couple dozen apps from Google Play in the time since, but the people behind these scam apps now appear to be taking it further afield.
Doctor Web researchers noted that in this instance, the maximum number of services Joker will subscribe a user to is five. That’s a lot, and it was noted that the crooks behind the scenes could increase that number whenever they liked.
The apps in question include a virtual keyboard, messaging apps, sticker collections, a game, and more. Many of the offending apps came from the same developer, and fortunately Huawei has removed them all from AppGallery now — though not before they were downloaded over half a million times.
Unfortunately, not having a Huawei phone doesn’t mean you’re safe. Researchers noted that the same modules downloaded by infected apps in AppGallery were also present in apps on Google Play. A full list of indicators of compromise is available here, if you want to check for yourself.
So sticking to Google’s own app store doesn’t guarantee safety; be careful what you download, folks, no matter where you get those apps from.