Joker malware has been the scourge of Google Android since it slipped past Google Play’s app checking. Well, now it is rampant in the Huawei AppGallery with more than 500,000 infected downloads. Joker Malware becomes part of a legitimate or knock-off app that works as advertised. These include:
| Application name | Package name |
|---|---|
| Super Keyboard | com.nova.superkeyboard |
| Happy Colour | com.colour.syuhgbvcff |
| Fun Color | com.funcolor.toucheffects |
| New 2021 Keyboard | com.newyear.onekeyboard |
| Camera MX – Photo Video Camera | com.sdkfj.uhbnji.dsfeff |
| BeautyPlus Camera | com.beautyplus.excetwa.camera |
| Color RollingIcon | com.hwcolor.jinbao.rollingicon |
| Funney Meme Emoji | com.meme.rouijhhkl |
| Happy Tapping | com.tap.tap.duedd |
| All-in-One Messenger | com.messenger.sjdoifo |
Google has removed more than 1700 Joker Malware injected apps since 2017. It seems to have stopped slipping past its app checking process. It is not 100% perfect, but it has a long history and uses advanced AI to screen new apps.
Huawei AppGallery has a much shorter history. It basically came into existence after the US Entities blacklist stopped access to Google Android, its services, and Play Store. We can’t comment on its efficacy in finding malware-laden apps. Still, most security companies say its AppGallery is the new attack vector due to its high Chinese market penetration.
What does Joker Malware do?
The app contains a dropper. It lies dormant until it starts downloading malicious components and ‘drops” them into the app. It starts spying on your phone and sending it back to the hackers remotely. Joker copies SMS text messages and contact lists. These are for identity theft, fraud, or to launch other hacking activities when married to the user’s dark web profile.
More recently, Joker can drop other malware to use premium SMS services and more – all billed to your account. Google Play detects any app that tries to access your messages and send – so that is covered. Apparently, Huawei does not have this protection yet. Joker Malware laden apps are heavily promoted on Chinese social media and have a high proportion of effusive fake reviews.
How to stop it?
If you are using a Huawei device and therefore its AppGallery, there are several paid (not free versions) anti-malware virus apps. These include Kaspersky, AVG and Bitdefender that have success in identifying Joker Malware.
Kaspersky has its multi-OS premium Security Cloud that analyses all threats in the cloud and stops them before it can infect your Google Android or Huawei device. Note that China prohibits the use of its VPN features inside China.
