Huawei’s App Gallery Installed More Than a Million Malicious Apps

Within hundreds of Android applications on Huawei’s AppGallery, malware researchers discovered a malicious information stealer trojan that has collectively been downloaded over 9 million times. The malware is a variant of the Cynos virus, known as Android.Cynos.7.origin, that’s aimed at gathering confidential user information.

“The apps that contain the Android.Cynos.7.origin ask users for permission to make and manage phone calls. That allows the trojan to gain access to certain data,” explain the researchers.

Surprisingly, many of the games were targeted at English-speaking audiences, but certain versions were entirely translated into other languages.

Data thief

According to the paper, the trojan may be inserted into Android programs and use a variety of strategies to profit off of unsuspecting downloaders. The strain discovered in AppGallery applications, on the other hand, gathers information about users and their devices and displays advertising.

“At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games’ main target audience,” warn the researchers.

The rogue collected the following information via their phone numbers as well as device location based on GPS coordinates or mobile network and WiFi access point data, several mobile network parameters including the network code and mobile country code, and a slew of other information.

The researchers discovered the trojan in 190 Android gaming applications, including simulators, arcade games, shooters, and other genres. As a result, there was a lot of downloads. The researchers informed Huawei about their findings, who promptly removed all the bad apps.