Huawei, in turn, knows the unpleasant surprises of the distribution of mobile apps. The Chinese supplier has just been faced with the proliferation of malware in its AppGallery, an application store dedicated to Huawei smartphones. According to DrWeb researchers, who detected it, it would be “the first malware” discovered in this application store.
The malware in question is well known, because it is “Joker”, a particularly tenacious Trojan horse which has already made regular appearances on the Play Store since 2017, camouflaging itself under the guise of banal applications. In this case, DrWeb detected around ten mobile apps trapped on the AppGallery, including a virtual keyboard, a photo app, messaging and a game.
Also to discover in video:
These bogus applications actually work, except that they secretly download and execute malicious modules whose purpose is to activate Premium services on the terminal. To achieve this, they launch invisible navigation windows to register the victim through an online form. They then intercept the activation code received by SMS to validate the subscription. By default, Joker will attempt to activate five Premium Services per phone, but it can be more. By the way, hackers take the opportunity to also siphon off other notifications, out of opportunism.
According to DrWeb, these infected applications have been downloaded more than 538,000 times. This would therefore correspond to several million fraudulent subscriptions. The good news is that Huawei has now removed these malicious apps. But it’s likely that Joker will reappear another day.
Source : DrWeb