Dangerous information-stealing malware has infected over nine million Android devices, security experts have warned.
A modified version of the Cynos trojan, which has been specifically designed to steal sensitive user data, was discovered in over 190 apps installed on around 9.3 million devices.
Shockingly, the offending apps were loaded onto Huawei’s AppGallery store.
The Cynos variant found on these apps is capable of a number of malicious activities, such as spying on text messages and downloading and installing other dangerous payloads.
Sensitive data that can be stolen also includes a user’s mobile phone number as well as their location.
While Huawei devices now use the firm’s own operating system, dubbed HarmonyOS, for many years phones from the Chinese giant ran on EMUI – which was based on Android.
The trojan loaded onto these AppGallery apps is known as ‘Android.Cynos.7.origin’, and was spotted by anti-virus provider Dr.Web.
Researchers from the Moscow-based firm notified Huawei about the threat, and worked with them to remove the offending apps from the AppGallery.
Bad actors hid the data-stealing malware in a range of apps such as strategy, shooting and arcade-style games for English-speaking users, as well as those in China and Russia.
All of the apps ran as they had been advertised, which would have helped hide the fact they were a secret vehicle for delivering dangerous malware to unsuspecting users.
As Bleeping Computer reported, the list of Cynos malware apps is too long to share in full.
But here are some of the most notable examples, based on user installation figures:
• Hurry up and hide – 2,000,000 installs
• Cat adventures – 427,000 installs
• Drive school simulator – 142,000 installs
Outlining their findings online, Dr.Web said: “The Android.Cynos.7.origin is one of the modifications of the Cynos program module. This module can be integrated into Android apps to monetise them. This platform has been known since at least 2014.
“Some of its versions have quite aggressive functionality: they send premium SMS, intercept incoming SMS, download and launch extra modules, and download and install other apps.”
Speaking about the discovery of the malware on the AppGallery, a Huawei spokesman said: “AppGallery’s built-in security system swiftly identified the potential risk within these apps. We are now actively working with affected developers to troubleshoot their apps.
“Once we can confirm that the apps are all clear, they will be re-listed on AppGallery so consumers can download their favourite apps again and continue enjoying them.
“Protecting network security and user privacy is Huawei’s priority. We welcome all third-party oversight and feedback to ensure we deliver on this commitment.
“We will continue to collaborate closely with our partners, and at the same time, employ the most advanced and innovative technologies to safeguard our users’ privacy.”
George Holan is chief editor at Plainsmen Post and has articles published in many notable publications in the last decade.