In Huawei’s app store AppGallery, the famous antivirus company Dr. Web analysts detected trojans in 190 apps.
Doctor Web malware analysts discovered dozens of games in Huawei’s app store AppGallery catalog with an embedded Android.Cynos.7.origin trojan. This trojan is a malware designed to collect users’ mobile phone numbers. The app’s install stats are even more frightening.
Android.Cynos.7.origin is one of the Cynos program module modifications. This module can be integrated into Android apps to earn money. This platform has been known since at least 2014. Some versions have quite aggressive functionality. E.g; They send SMS, stop incoming SMS, download and start extra modules and download and install other applications. Malware Dr. The version discovered by web analysts seems to be the main function of collecting information about users and their devices and displaying advertisements.
Trojan detected in 190 apps in AppGallery
At first glance, cell phone number leak may seem like a minor issue. But in reality, it can seriously harm users, especially considering the fact that children are the main target audience of games.
When the user gives permission, the trojan collects the following information and sends it to a remote server:
- User mobile number
- Device location based on GPS coordinates or mobile network and Wi-Fi hotspot data (when app has permission to access location)
- Various mobile network parameters such as network code and mobile country code; also GSM cell id and international GSM location area code (when app is allowed to access location)
- Various technical features of the device
- Various parameters from the metadata of the Trojan application
Even though Huawei has removed the infected apps from the App Gallery, if you have any of them installed on your phone, it can still be a big deal if your data is vulnerable to being stolen. Here are the three infected apps with the most installs:
- Hurry up and hide – 2 million downloads
- Cat adventures – 427k downloads
- Drive school simulator – 142k downloads
Dr. You can access the list of 190 applications with trojans detected by the web here.