The Joker malware has been doing the rounds on Google Play for a while, and signs up the infected phone to premium mobile subscriptions. But this is the first time it’s been spotted on Huawei devices (via BleepingComputer).
The malware was discovered by researchers from Russian antivirus firm Doctor Web, hidden inside 10 harmless-looking apps within Huawei’s AppGallery.
Normally, Joker malware spreads through Google Play, but researchers have now realized the people behind it appear to have expanded their efforts to alternative Android app stores.
The apps themselves function as promised, but also do a bunch of nefarious stuff in the background. In the past, Joker-infected apps have been found to subscribe users to premium SMS services, in part by intercepting and responding to SMS confirmation codes. That means users would find themselves with a hefty bill at the end of the month.
What’s more, Joker could also steal contact lists and text messages, in order to help itself spread amongst your friends.
The malware was first disclosed after it made its way to Google Play back in 2019. Google has booted a couple dozen apps from Google Play in the time since, but the people behind these scam apps now appear to be taking it further afield.
Doctor Web researchers noted that in this instance, the maximum number of services Joker will subscribe a user to is five. That's a lot, and it was noted that the crooks behind the scenes could increase that number whenever they liked.
The apps in question include a virtual keyboard, messaging apps, sticker collections, a game, and more. Many of the offending apps came from the same developer, and fortunately Huawei has removed them all from AppGallery now — though not before they were downloaded over half a million times.
Unfortunately, not having a Huawei phone doesn’t mean you’re safe. Researchers noted that the same modules downloaded by infected apps in AppGallery were also present in apps on Google Play. A full list of indicators of compromise is available here, if you want to check for yourself.
So sticking to Google’s own app store doesn’t guarantee safety; be careful what you download, folks, no matter where you get those apps from.