Security experts are warning that over nine million Android devices have been infected by an information-stealing bit of malware. A modified version of the Cynos trojan, which has been specifically designed to steal sensitive user data, was discovered on over 190 apps installed on around 9.3million devices. However, if you’re thinking this latest security alert revolves around a nefarious Android app sneaking onto the Google Play Store – as has happened in the past – then you’re mistaken.
This time around, the offending apps were loaded onto Huawei’s AppGallery store.
While Huawei devices now use the firm’s own operating system, dubbed HarmonyOS, for many years phones from the Chinese smartphone giant ran on EMUI – which was based on Android.
The trojan loaded onto these AppGallery apps is known as ‘Android.Cynos.7.origin’, and was spotted by anti-virus providers Dr.Web.
Researchers from the Moscow-based firm notified Huawei about the threat, and worked with them to remove the offending apps from the AppGallery.
Bad actors hid the data-stealing malware in a range of apps such as strategy, shooting and arcade-style games for English-speaking users as well as those in China and Russia.
All of the apps ran as they had been advertised, which would have helped hide the fact they were a secret vehicle for delivering dangerous malware to unsuspecting users.
As Bleeping Computer reported, the list of Cynos malware apps is too long to share in full.
But here are some of the most notable examples, based on user installation figures…
• Hurry up and hide – – 2,000,000 installs
• Cat adventures – 427,000 installs
• Drive school simulator – 142,000 installs
Outlining their findings online, Dr.Web said: “The Android.Cynos.7.origin is one of the modifications of the Cynos program module. This module can be integrated into Android apps to monetise them. This platform has been known since at least 2014.
“Some of its versions have quite aggressive functionality: they send premium SMS, intercept incoming SMS, download and launch extra modules, and download and install other apps.”
The Cynos variant found on these apps is capable of a number of malicious activities, such as spying on text messages and downloading and installing other dangerous payloads.
Sensitive data that can be stolen also includes a user’s mobile phone number as well as their location.
Speaking about the discovery of the malware on the AppGallery, a Huawei spokesperson said: “AppGallery’s built-in security system swiftly identified the potential risk within these apps. We are now actively working with affected developers to troubleshoot their apps. Once we can confirm that the apps are all clear, they will be re-listed on AppGallery so consumers can download their favourite apps again and continue enjoying them.
“Protecting network security and user privacy is Huawei’s priority. We welcome all third-party oversight and feedback to ensure we deliver on this commitment. We will continue to collaborate closely with our partners, and at the same time, employ the most advanced and innovative technologies to safeguard our users’ privacy.”