Russian antivirus maker Dr.Web reported ten apps published by three developers on Huawei’s official Android app store, that hid malware in them.
The apps on the AppGallery were infected with Joker that subscribes users to premium phone services in a tactic known as WAP fraud. Dr.Web noted this was the first time they found Joker on Huawei’s AppGallery.
The ten apps posed as legitimate applications – camera apps, virtual keyboards, app launchers, messengers, stickers, coloring apps, and games. According to Dr.Web, around 500,000 Huawei users downloaded the apps.
When the victim opened such an app, malicious code opened a browser window and subscribed users to premium phone numbers. Commissions from this generated income for the malware’s operators.
In order not to alert the user to their presence on the device, the malware intercepted SMS messages and push notifications.
Dr.Web discreetly alerted Huawei about the fake apps, and the Chinese tech giant removed the trojanized apps from AppGallery to protect users. The company also promised they would try to minimize the risks of such apps appearing in the future.
In addition, Dr.Web researchers found versions of the same infected Android apps on the Google Play Store. A list of these apps is available on the security firm’s GitHub repository. These apps have been removed from the Play Store as well.
Removing malicious apps from the Huawei app store, however, doesn’t remove them from users’ devices and the malware keeps compromising users.
TechCrunch advises Huawei smartphone owners search for one of the ten apps listed below and remove the, from their devices:
- Super Keyboard (com.nova.superkeyboard)
- Happy Colour (com.colour.syuhgbvcff)
- Fun Color (com.funcolor.toucheffects)
- New 2021 Keyboard (com.newyear.onekeyboard)
- Camera MX – Photo Video Camera (com.sdkfj.uhbnji.dsfeff)
- BeautyPlus Camera (com.beautyplus.excetwa.camera)
- Color RollingIcon (com.hwcolor.jinbao.rollingicon)
- Funney Meme Emoji (com.meme.rouijhhkl)
- Happy Tapping (com.tap.tap.duedd)
- All-in-One Messenger (com.messenger.sjdoifo)