Security News > 2021 > April > Joker Android Trojan Lands in Huawei AppGallery App Store
Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web.
Also known as Bread, the Joker Trojan was first observed in 2017 when it was originally focused on SMS fraud.
This family of Potentially Harmful Applications, which is known for subscribing users to premium mobile services, has previously targeted Android users through Google Play, but it appears that that malware's operators have shifted attention to additional app stores.
While only basic Trojan modules that feature minimal functionality are installed through the initial executable, additional components are downloaded from the Internet, to expand the threat's functionality.
While the user is delivered a full-fledged app, in the background the Trojan connects to the command and control server to fetch the necessary configuration and components.
Doctor Web's security researchers also warn that the Trojan also sends the contents of all notifications about incoming SMS messages to the C&C server, which could lead to data leaks.