Trojan Spreads Via Malicious Apps in Huawei App Store
Joker malware has targeted more than 500,000 Android devices across the world through malicious apps in AppGallery – the official app store of Huawei, according to the security firm Doctor Web.
The Android Trojan, active since 2017, is capable of stealing SMS messages, contact lists and device information from infected smartphones, Doctor Web says. Attackers have used the malware in a number of campaigns (see: Updated Joker Android Malware Adds Evasion Techniques).
The malicious apps offered in Huawei’s AppGallery are a fully functioning virtual keyboard, a camera app, a launcher, an online messenger, a sticker collection, coloring programs and a game, Doctor Web notes. Victims who use them are unaware of the malicious activity in the background.
The malicious Joker apps have been downloaded 538,000 times. Once the malware is installed on an Android device, the attackers use it to subscribe the device to as many as 10 premium mobile services at a time. The attacker owns the overseas “premium service” to which the victim is unknowingly subscribed and then receives the mobile service fees paid through the victim’s phone bill.
Once a malicious app is installed, when users interact with it, the Trojan connects to the attackers’ command-and-control server and downloads additional components. The downloaded components then automatically subscribe Android device users to premium mobile services.
“The downloaded Trojan module is detected by Dr. Web as Android.Joker.242.origin,” the security firm notes. “The same virus report successfully detects other similar modules downloaded by all 10 new malware modifications. Moreover, the same modules have been used by some other versions of the Android.Joker, which have been spread, among other places, on Google Play, for example, by apps such as Shape Your Body Magical Pro, PIX Photo Motion Maker, and others.”
The malicious Joker apps can intercept SMS message notifications to subscribe to additional mobile services. “By default, the limit is set to 5, but it can be increased or decreased upon receiving the configuration from the C&C server. For example, in the configurations our specialists intercepted, the number reached 10,” the report adds.
After being alerted to the malicious apps by Doctor Web, Huawei reported to Doctor Web that it has hidden them to protect users.
In September 2020, the Joker malware was found to be targeting Android users via malicious apps in Google Play as well as third-party app stores (see: Fresh Joker Malware Variant Targeting Android Users).
Other malware has also been targeting Android users. For example, over the past five years, a sophisticated spyware campaign dubbed “PhantomLance” has been targeting Android users through Trojan-laced apps in the Google Play store that are disguised as various plug-ins, browser cleaners and utility updaters, according to a report Kaspersky published in April (see: Spyware Campaign Leverages Apps in Google Play Store).
In July 2020, Malwarebytes reported fraudsters were able to insert a Trojan called Cerberus into the Play Store by hiding it inside a currency converter app to target Android devices (see: Cerberus Banking Trojan Targeted Spanish Android Users).