Joker, the infamous Android-based malware family, has now infected more than 500,000 Huawei users and subscribed them to unwanted premium mobile services. According to Doctor Web, the malware has infected ten seemingly harmless apps on the official Android store for Huawei smartphones, the AppGallery.

What has happened?

A report from Doctor Web disclosed that these malicious apps retained their advertised functionality, however, their downloaded components are subscribing users to premium mobile services.
  • To stay hidden, the infected apps requested access to notifications to intercept confirmation codes delivered on SMS via the subscription service without the victim’s knowledge.
  • The malware-laden apps could subscribe an infected user to a maximum of five services. However, the attacker behind this malware could change this limitation at any time.
  • The list of malicious applications includes a launcher, a camera application, an online messenger, coloring programs, a sticker collection, virtual keyboards, and a game.
  • These 10 malicious apps were downloaded by 538,000 Huawei users. Most of these apps are developed by Shanxi Kuailaipai Network Technology Co., Ltd., while two of these apps were developed by others. 

Recent activities of Joker 

Active since 2017, Joker is one of the most active threats on the Android platform at present.
  • In January, new samples of Joker malware successfully bypassed Google's defense to end up in the Google Play Store.
  • Last year, a new variant of Joker successfully made its way into the Play Store and infected users, by injecting malicious code inside the Android Manifest file.


Even though Google keeps introducing new policies and defense mechanisms to counter them, operators of Joker are regularly changing their tactics and exploiting any possible gap in Play Store's defenses. Therefore, smartphone users are recommended to be extra cautious when downloading new applications even from trustworthy stores.

Cyware Publisher