On Tuesday, November 23, Dr. Web’s malware analysts found Android.Cynos.7.origin trojan built into 190 games on Huawei’s AppGallery. The trojan collects its victim’s personal information and sends it to a remote server. Researchers said that some of the apps target Russian-speaking users, while others are aimed at Chinese-speaking and international audiences. A full list of the 190 infected apps is available here. Thankfully, Huawei has since removed the infected applications from its store and issued a statement about the incident.
About Android.Cynos.7.origin Trojan
According to researchers, Android.Cynos.7.origin is a modification of the Cynos malware, which has been around since at least 2014. They added that some of the malware’s versions have aggressive functions. This includes:
sending premium SMS intercepting incoming SMS downloading and launching extra modules downloading and installing applications
In this case, Dr. Web’s analysts found that the function of Android.Cynos.7.origin is to collect user information and display targeted ads. Apps that contain malware request permission to make and manage phone calls. This gives it access to personal information, which it then sends to a remote server. Below is a list of information that is collected:
User mobile number Device location. This is based either on GPS coordinates, or mobile network and Wifi access point information. Mobile network code, mobile country code, GSM cell IS, international GSM area code, and other mobile network parameters Technical specifications of the user’s device Information from the malicious app’s metadata
Statement by Huawei
The fact that the apps target and collect personal information from young children raises significant concerns. Information such as mobile phone numbers can be used to carry out future scams, such as targeted phishing campaigns. On November 24, a Huawei spokesperson said that “AppGallery’s built-in security system swiftly identified the potential risk within these apps.” Huawei has stated that they are now actively working with affected developers to troubleshoot their apps. Once confirm that the apps are cleared, the apps can be re-listed on the Huawei app store. “Protecting network security and user privacy is Huawei’s priority,” the spokesperson said. “We welcome all third-party oversight and feedback to ensure we deliver on this commitment.” We will continue to collaborate closely with our partners, and at the same time, employ the most advanced and innovative technologies to safeguard our users’ privacy,” they added. If you want to learn more about how you can keep you can protect kids from threats online, check out our article here.