The AppGallery, Huawei’s application store, is in turn a victim of Android malware. According to computer security researchers at Doctor Web, several applications available on the store have been infected with malware from the Android family Joker, known to subscribe users to paid subscriptions without their knowledge.

appgallery malware joker - AppGallery: one of the worst malware invades Huawei's store
Credit: Huawei

If you follow Android news, you may be familiar with Android Joker malware. First appearing in 2019, this malware has the ability to subscribe users to paid services without their knowledge. In 2020, the malware hit 17 Play Store apps again, infecting 120,000 smartphones.

However, and according to the computer security researchers at Doctor Web, several malware from the Android Joker family were detected in several applications available in the AppGallery, Huawei’s application store. Experts speak about ten different variants, all of which have the main objective of emptying your bank account by taking out paid subscriptions.

Joker malware is back on the AppGallery

As usual, the malware in question is lurking in various applications, moreover harmless. There is a virtual keyboard, several photo editing applications, instant messaging, emojis, as well as a mobile game. Of the ten infected applications found by Doctor Web, 8 were created by the same developer : Shanxi Kuailaipai Network Technology co. Ltd.

The modus operandi remains the same. Infected applications do everything they are asked to do in the first place, in order to fool users. After some time, the Trojans launch themselves and connect to their management server in order to download a specific component, essential to trigger the subscription to subscription to paid services.

To top it off, these apps take great care to request permission to access notifications and messages from your smartphone. The principle is to intercept registration confirmation SMS, so as not to alert the victim of the ongoing fraud. “Upon receiving an alert from the Doctor Web company, Huawei hid applications containing malware on AppGallery to ensure user safety. The company will carry out additional controls in order to minimize the risk of future appearances of similar programs ”, the Shenzhen firm said.

Read also: Huawei – the AppGallery, its alternative to the Play Store has 33 million users in Europe

List of infected applications

Below is the complete list of infected applications discovered by Doctor Web:

  • Super Keyboard
  • Happy Color
  • Fun Color
  • New 2021 Keyboard
  • Camera MX – Photo Video Camera
  • BeautyPlus Camera
  • Color Rollinglcon
  • Funney Meme Emoji
  • Happy tapping
  • All-in-One Messenger

Source: GitHub