Half a million Huawei Android phones hit by Joker malware

Trade sanctions don’t apply to malware


Security researchers have found that over 500,000 Huawei smartphone users have downloaded applications tainted with the Joker malware, which subscribes users to premium mobile services without their knowledge.

The Joker family of malware has been infecting apps on Google’s Play Store for the last few years, but this is the first instance of it cropping up on Huawei’s platform. Huawei users are currently unable to access the Google Play Store due to US trade sanctions, and instead use the company’s in-house AppGallery platform.

“Doctor Web malware analysts come across new versions and modifications of these [Joker] trojans almost daily. They were formerly seen most often on the official Android app store―Google Play. The attackers, however, have apparently decided to expand the scale of their activity and shift their attention to alternative catalogs supported by major players on the mobile device market,” noted the researchers at antivirus company Doctor Web who uncovered the threat.


Subdued notifications

The researchers found the malware masquerading inside ten seemingly harmless apps in AppGallery. While the apps functioned as advertised, they conducted the unscrupulous activity in the background.

Analysis of the malicious code revealed that once activated inside the app, it would connect to a command and control (C2) server to receive additional configurations and components. These were then used to surreptitiously subscribe users to premium mobile services.

In order to intercept and respond to any confirmation code delivered via SMS by the subscription service, the infected apps would request access to notifications.
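Because the infected apps depend on notification access to read the confirmation codes, one defensive check is to list which user-installed apps hold that permission. The following is an added example, not code from the article or from Doctor Web; it assumes you have saved the output of `adb shell settings get secure enabled_notification_listeners` and `adb shell pm list packages -3`, and every package name in it is constructed sample data.

```python
# Added example: audit which user-installed apps hold notification access.
# Inputs are the text output of two standard adb commands:
#   adb shell settings get secure enabled_notification_listeners
#   adb shell pm list packages -3
# All package names below are constructed sample data.

def parse_listeners(settings_output):
    """Return {package: [listener classes]} from the colon-separated setting."""
    result = {}
    text = settings_output.strip()
    if not text or text == "null":      # setting unset: no listeners enabled
        return result
    for component in text.split(":"):
        component = component.strip()
        if "/" not in component:
            continue                    # skip malformed entries
        package, cls = component.split("/", 1)
        if cls.startswith("."):         # short form: class relative to package
            cls = package + cls
        result.setdefault(package, []).append(cls)
    return result

def parse_third_party(pm_output):
    """Return the set of package names from `pm list packages -3` lines."""
    prefix = "package:"
    return {line.strip()[len(prefix):]
            for line in pm_output.splitlines()
            if line.strip().startswith(prefix)}

def audit(settings_output, pm_output, allowlist=()):
    """User-installed packages with notification access that are not allowlisted."""
    listeners = parse_listeners(settings_output)
    third_party = parse_third_party(pm_output)
    allowed = set(allowlist)
    return sorted(p for p in listeners if p in third_party and p not in allowed)

SAMPLE_SETTINGS = ("com.example.launcher/com.example.launcher.NotifService:"
                   "com.example.keyboardthemes/.Listener:"
                   "com.example.wearsync/.Bridge")
SAMPLE_PM = ("package:com.example.keyboardthemes\n"
             "package:com.example.wearsync\n"
             "package:com.example.notes\n")

if __name__ == "__main__":
    for pkg in audit(SAMPLE_SETTINGS, SAMPLE_PM, allowlist=["com.example.wearsync"]):
        print("review notification access:", pkg)
```

An app whose advertised function has no need to read notifications but which appears in this list is worth a closer look.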

The researchers observed that while the malware in this latest campaign subscribed the users to a maximum of five services, there was nothing that prevented the threat actors from upping this number any time they wished.


A majority of the apps were developed by a single developer, while two came from another one. In all, the researchers note, over half a million copies of the apps were downloaded by the time Huawei removed them from AppGallery after being notified by the researchers.

Via: BleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
