MalwareBytes cybersecurity experts find 4 campaigns to spread a RAT with different baits but the same custom malware.
Doctor Web: Joker infected more than 500,000 Huawei devices. The malware has been downloaded from the official Android AppGallery. Main function: to subscribe users to paid mobile services
Joker malware infected more than 500,000 Huawei mobile devices. It has been discovered by Doctor Web cybersecurity experts. The users downloaded apps from the company’s official Android store, AppGallery. It’s the first time that malicious software has been detected on the platform. The main function of Joker, found in 10 variants, is to subscribe users to paid mobile services. They were distributed under the guise of harmless applications, which formally worked according to users’ expectations. This technique allows virus writers to stay undetected for longer and infect as many devices as possible. The Trojans detected were hidden in virtual keyboards, in a camera app, a launcher program (home screen management), an online messaging app, a collection of stickers, coloring programs, as well as in a game.