The Joker malware was recently found in ten (10) mobile applications distributed via the official Android store for Huawei Android devices, AppGallery. The malicious components contained a line of codes that connects to the malware’s command and control (C2) server to receive configurations and additional components. More than 500,000 Huawei users are said to have downloaded the malicious applications and subscribed to premium mobile services.

Joker malware was one of the most prevalent kinds of Android malware family, which was previously seen being distributed via the Google Play Store. The malware was notorious for perpetrating billing fraud and its spyware capabilities, including stealing SMS messages, contact lists, and device’s information.


A. List of Malicious Applications

Detected malicious applications are as follows:

  • Super Keyboard
  • Happy Colour
  • Fun Color
  • New 2021 Keyboard
  • Camera MX – Photo Video Camera
  • BeautyPlus Camera
  • Color RollingIcon
  • Funney Meme Emoji
  • Happy Tapping
  • All-in-One Messenger


B. Actions to be Taken

CERT-PH recommends the following actions be taken:

  • Huawei Android users are advised to check and uninstall the applications listed above.
  • Users are also advised to check their mobile devices for other indications of compromise, such as suspicious files, installed unknown applications, excessive permission granted to applications, unsolicited advertisements, and unusual web browser activities.