More than 500,000 Huawei smartphone users have downloaded the Joker malicious app without even knowing it.
Doctor Web researchers discovered 10 seemingly harmless apps on AppGallery – Huawei’s official app market – that contain codes that connect to malicious C&C servers to take over additional configuration and components. These additional components bypass the user, automatically signing up for the paid service. To cover the phone’s owner, they demanded access to the notification and then interfered with the SMS verification code sent by the paid service. According to experts, the malicious code will subscribe to up to 5 such services, although developers can change the limit at any time. The list of infected applications range from virtual keyboards, photography, launchers, texting to stickers, games. Most have the same developer, Shanxi Kuailaipai Network Technology. In total, 10 apps were downloaded by more than 538,000 Huawei users. Doctor Web reported to Huawei and the company removing them from AppGallery. However, downloaders still have to manually delete the device. Below is a list of software that need to be removed immediately: Super Keyboard, Happy Color, Fun Color, New 2021 Keyboard, Camera MX – Photo Video Camera, BeautyPlus Camera, Color RollingIcon, Funney Meme Emoji, Happy Tapping, All-in-One Messenger. Experts say that modules downloaded from the malicious AppGallery also appear in other apps on Google Play. Once activated, they contact the remote server to receive the configuration file, which contains the task list, the paid service website, and the JavaScript mimics the user’s actions. The Joker malware was born in 2017, continuously detected in apps on Google Play Store. In October 2019, Kaspersky malware analyst Tatyana Shishkova tweeted about more than 70 malicious applications on the Google market. According to Google, they have removed about 1,700 Joker malicious apps since 2017. Du Lam (According to BleepingComputer)
You must log in to post a comment.