A report by Doctor Web analysts reveals that over 9 million Android smartphones have long been infected with a dangerous Trojan originating from apps distributed through Huawei AppGallery.
Android.Cynos.7.origin is the name of the trojan injected into the module that is used for the monetization of Android apps.
The main functionality of the version of the module discovered by malware analysts is the collection of information about users and their devices and the display of advertisements.
Among the infected applications are around 190 games on the Huawei AppGallery, some of which target Russian users, while others target Chinese or international audiences.
The identified titles are:
- The team must kill the warhead (translated from Russian)
- Cat game room
- Drive school simulator
- Hurry up and hide (translated from Chinese
Apps with this trojan ask users to give certain permissions which when granted help the malware collect and send user data to a remote service, including phone number, device location based on GPS coordinates or mobile network, and Wi-Fi access point data when the application has permission to access the location, various parameters of the mobile network, various technical specifications of the device and various parameters from the trojan app metadata. The favorite victims of this trojan are the devices managed by children.
Doctor Web has informed Huawei about these discoveries and with the publication of this report the manufacturer has taken steps to remove all infected apps from AppGallery, calling users to uninstall them if they were installed on devices.