Joker malware has infected 500,000 Huawei phones — what you need to know

Security researchers have found that over half a million Huawei smartphones have been infected with the Joker malware.

The Joker malware has been doing the rounds on Google Play for a while, and signs up the infected phone to premium mobile subscriptions. But this is the first time it’s been spotted on Huawei devices (via BleepingComputer).

The malware was discovered by researchers from Russian antivirus firm Doctor Web, hidden inside 10 harmless-looking apps within Huawei’s AppGallery. 

Normally, Joker malware spreads through Google Play, but researchers have now realized the people behind it appear to have expanded their efforts to alternate Android app stores.

The apps themselves function as promised, but also do a bunch of nefarious stuff in the background. In the past, Joker-infected apps have been found to subscribe users to premium SMS services, in part by intercepting and responding to SMS confirmation codes. That means users would find themselves with a hefty bill at the end of the month.

What’s more, Joker could also steal contact lists and text messages, in order to help itself spread amongst your friends.

The malware was first disclosed after it made its way to Google Play back in 2019. Google has booted a couple dozen apps from Google Play in the time since, but the people behind these scam apps now appear to be taking it further afield.

Doctor Web researchers noted that in this instance, the maximum number of services Joker will subscribe a user to is five. That's a lot, and it was noted that the crooks behind the scenes could increase that number whenever they liked. 

The apps in question include a virtual keyboard, messaging apps, sticker collections, a game, and more. Many of the offending apps came from the same developer, and fortunately Huawei has removed them all from AppGallery now — though not before they were downloaded over half a million times.

Unfortunately, not having a Huawei phone doesn’t mean you’re safe. Researchers noted that the same modules downloaded by infected apps in AppGallery were also present in apps on Google Play. A full list of indicators of compromise is available here, if you want to check for yourself.

So sticking to Google’s own app store doesn’t guarantee safety; be careful what you download, folks, no matter where you get those apps from.

Tom Pritchard

Tom covers a little bit of everything at Tom’s Guide, ranging from the latest electric cars all the way down to hot takes on why Christopher Nolan is wrong about everything. Appliances are also muscling their way into his routine, which is a pretty long way from his days as Editor at Gizmodo UK. He’s usually found trying to squeeze another giant Lego set onto the shelf, draining very large cups of coffee, or complaining that Ikea won’t let him buy the stuff he really needs online.