Antivirus maker Doctor Web has warned of malicious applications in AppGallery, Huawei's app market. Researchers found 10 apps in AppGallery that appeared harmless but contained malicious code that attempted to connect to a malicious command and control server to retrieve configurations and additional components. Huawei has removed them from AppGallery. The removed applications are as follows:
Application Name | Package Name |
Super Keyboard | com.nova.superkeyboard |
Happy Colour | com.colour.syuhgbvcff |
Fun Color | com.funcolor.toucheffects |
New 2021 Keyboard | com.newyear.onekeyboard |
Camera MX – Photo Video Camera | com.sdkfj.uhbnji.dsfeff |
BeautyPlus Camera | com.beautyplus.excetwa.camera |
Color RollingIcon | com.hwcolor.jinbao.rollingicon |
Funney Meme Emoji | com.meme.rouijhhkl |
Happy Tapping | com.tap.tap.duedd |
All-in-One Messenger | com.messenger.sjdoifo |
Malware activity: the malware is disguised as functional apps such as virtual keyboards, a camera app, a launcher, an online messenger, a sticker collection, coloring apps and games.
While users can no longer download them, users who previously downloaded the applications must manually remove the malware running on their devices. Each application listed above communicates with its remote server to retrieve a configuration file containing JavaScript, which emulates user interaction on websites for premium services.
Researchers say that the same modules downloaded by the malicious apps in AppGallery are also found in other apps on Google Play, where they are used by other versions of the Joker malware. The IoCs for the Joker malware can be reached here.
The CyberArts information security team recommends that Huawei users check whether they are using any of the apps listed above.
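One way to carry out this check from a computer, as an added example that is not from Doctor Web or CyberArts: the function below matches the output of Android's `pm list packages` against the ten package names in the table above. It assumes `adb` is installed and USB debugging is enabled on the device; the function name and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an Android/Huawei package inventory for the ten
# package names listed in the table on this page.
JOKER_PACKAGES='com.nova.superkeyboard
com.colour.syuhgbvcff
com.funcolor.toucheffects
com.newyear.onekeyboard
com.sdkfj.uhbnji.dsfeff
com.beautyplus.excetwa.camera
com.hwcolor.jinbao.rollingicon
com.meme.rouijhhkl
com.tap.tap.duedd
com.messenger.sjdoifo'

# Reads `pm list packages` (or `pm list packages -f`) output on stdin and
# prints every listed package that is installed, one per line.
find_joker_packages() {
    # Drop CRs, keep only "package:" lines, strip the prefix and, for -f
    # output, the "<apk path>=" part in front of the package name.
    installed=$(tr -d '\r' | sed -n 's/^package://p' | sed 's/^.*=//')
    for pkg in $JOKER_PACKAGES; do
        # -F -x: literal, whole-line match, so "com.tap.tap.duedd.extra"
        # or a dot matching any character cannot cause a false hit.
        if printf '%s\n' "$installed" | grep -Fxq -- "$pkg"; then
            printf '%s\n' "$pkg"
        fi
    done
    return 0
}

# Constructed sample inventory (not taken from a real device).
SAMPLE_INVENTORY='package:com.android.settings
package:/data/app/~~Qx1==/com.tap.tap.duedd-9aB==/base.apk=com.tap.tap.duedd
package:com.nova.superkeyboard.themes
package:com.messenger.sjdoifo
WARNING: linker message that is not a package line'

# Offline demo on the sample; for a connected device run instead:
#   adb shell pm list packages | find_joker_packages
printf '%s\n' "$SAMPLE_INVENTORY" | find_joker_packages
```

Empty output means none of the listed packages is installed; any package name printed should be uninstalled from the device.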
Source:
https://news.drweb.com/show/?i=14182&lng=en&c=5