Huawei might not use the Google Play Store anymore but it seems it’s coming under attack from a threat that mirrors what many Android users have been warned of in the past. If you weren’t aware, most new Huawei phones can’t access Google’s popular apps and services due to a US trade ban on the Chinese smartphone firm.
That’s meant Huawei creating its own Play Store rival, called the AppGallery, and it’s this service that has recently attracted the attention of cyber thieves trying to make a quick buck. Some popular apps that were available to download via Huawei’s online marketplace have been found to contain hidden Joker malware tucked inside of them.
Once downloaded, this nasty attack can set about signing users up to premium and expensive subscription services without their consent. What makes this attack so hard to spot is that the apps look pretty harmless and even work as expected when they are launched.
This sinister technique allows attackers to stay below the radar for prolonged periods of time and infect as many devices as possible. The attack was discovered by the cyber security team at Doctor Web who say that the apps were downloaded over 500,000 times by unsuspecting users.
Joker isn’t anything new with it infecting apps on Google’s Play Store in the past. However, this is the first time that it’s been spotted on Huawei’s platform.
Explaining more, Doctor Web’s research team said: “Android.Joker is relatively old malware family known since the fall of 2019. Doctor Web malware analysts come across new versions and modifications of these trojans almost daily. They were formerly seen most often on the official Android app store―Google Play. The attackers, however, have apparently decided to expand the scale of their activity and shift their attention to alternative catalogs supported by major players on the mobile device market.”
All of the offending apps have now been removed from the Huawei AppGallery with the company confirming that, “After receiving an alert from Doctor Web, Huawei hid the trojans in the AppGallery store to protect users. The company will conduct an additional investigation to minimize the risks of such apps appearing in the future”.
That’s great news but owners still need to be cautious.
If you have downloaded and installed the offending application, see list below, on your phone then you must physically delete them to stop any more harm from being done.
Here’s a list of all of the apps found by Doctor Web that contain the Joer malware:
Super Keyboard • Happy Colour • Fun Color • New 2021 Keyboard • Camera MX – Photo Video Camera • BeautyPlus Camera • Color RollingIcon • Funney Meme Emoji • Happy Tapping • All-in-One Messenger