Security researchers have discovered that over 500,000 Huawei smartphones are infected with the Joker malware.

The Joker malware has been circulating on Google Play for some time and subscribes infected smartphones to premium mobile subscriptions. However, this is the first time it has been found on a Huawei device (via BleepingComputer).

The malware was discovered by researchers at Russian antivirus firm Doctor Web, hidden among 10 seemingly harmless apps in Huawei's AppGallery.

Typically, the Joker malware is spread through Google Play, but the researchers noticed that the people behind this malware appear to have expanded their activities to another Android app store.

The app itself works as promised, but it also does malicious things in the background. In the past, Joker-infected apps have been found to subscribe users to premium SMS services by intercepting and responding to SMS confirmation codes. This means that users would receive a hefty bill at the end of the month.

In addition, Joker can also steal contact lists and text messages to spread the infection among friends.

The malware was first publicized after it infiltrated Google Play in 2019; Google has since booted dozens of apps from Google Play, but the people behind these scam apps now seem to have gone even farther ...

Researchers at Doctor Web point out that in this instance, the maximum number of services that Joker forces users to register for is five. This is a very large number, and it has been noted that the bad guys behind it can increase that number whenever they like.

The apps in question include virtual keyboards, messaging apps, sticker collections, and games. Many of the apps in question came from the same developer, and fortunately Huawei has now removed them all from the AppGallery.

Unfortunately, you don't have to have a Huawei phone to be safe. The researchers noted that the same modules downloaded by the infected apps in AppGallery are also present in apps on Google Play. If you want to check for yourself, a complete list of indicators of infringement is available here.

In other words, sticking to Google's own app store does not guarantee safety.