Trojan Malware Installed On Millions Of Android Devices

Uploaded on 2021-11-29 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

More than 9m Android devices have downloaded and installed dozens of games from Huawei that have a trojan malware that is designed to collect vital user data.  According to a new report by  malware researchers at Dr.Web Anti-virus, Android devices have been infected hit by an info-stealing trojan in a  large-scale malware attack originating from Huawei's AppGallery app store. 

The Trojan malware can perform all kinds of malicious activities while it is on your device, including spy on your texts and downloading  and installing malicious payloads. Cynos, from which this Trojan horse was created.

The Dr.Web report says that the Android.Cynos.7.origin trojan, a modification of the Cynos program module known since 2014, downloads and installs other apps that collect information about users and their devices, as well as display ads and allows the trojan to get access to sensitive data. “This module can be integrated into Android apps to monetise them....  Some of its versions have quite aggressive functionality: they send premium SMS, intercept incoming SMS, download and launch extra modules, and download and install other apps... The main functionality of the version discovered by our malware analysts is collecting the information about users and their devices and displaying ads,” says the report.

The threat actors hid their malware in Android apps pretending to be simulators, games platforms, arcades, strategy, and shooting games for Russian-speaking, Chinese and English language users.

The apps containing the malware asks for permission to make and manage phone calls, which allows the trojan to collect and send information to a remote server, including:

  • Mobile phone number.
  • Device location and Wi-Fi access point data.
  • Various mobile network parameters, such as the network code and mobile country code.
  • Various tech specs of the device.
  • Various parameters from the trojanised app’s metadata.

The analysts' report found the trojan on 190 games, like simulators, games platforms, arcades, strategies and shooters.

"At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games' main target audience," according to a Doctor Web spokesman.

Dr. Web have notified Huawei about the threats and Huawei have now removed the apps containing the trojan from its AppGallery. 

DrWebGitHub:   Android Headlines:   The Hacker News:   World Republic News:   MalwareTips:   TechRadar

You Might Also Read: 

Malware – The Hateful Eight:

 

« Non-Profit Organisations & Cyber Security
Russia Wants Control Over Big Tech »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Kaspersky Lab

Kaspersky Lab

Kaspersky Lab is one of the world’s largest privately held vendors of endpoint cybersecurity solutions.

Fenror7

Fenror7

Fenror7 lowers the TTD (Time To Detection) of hackers, malwares and APTs in enterprises and organizations from 300 days on average to 24 hrs or less.

Silicom Denmark

Silicom Denmark

Silicom Denmark is a premier developer and supplier of FPGA-based interface cards for cyber-security, telecommss, financial trading and other sectors.

SecuDrive

SecuDrive

SecuDrive, provides hardware encrypted external storage devices to protect a company’s sensitive and important data.

IT Security Jobs

IT Security Jobs

IT Security Jobs is a dedicated portal for everything related to IT professionals looking for IT Security jobs.

BHC Laboratory

BHC Laboratory

BHC Laboratory is a cyber capabilities’ development company for a wide range of global customers.

International Cybersecurity Institute (ICSI)

International Cybersecurity Institute (ICSI)

ICSI is a UK company offering specialized and accredited professional qualifications in cybersecurity for young IT graduates as well as mature professionals.

Paladin Capital Group

Paladin Capital Group

Paladin is a leading global investor that supports and grows the world’s most innovative cyber companies.

SecZetta

SecZetta

SecZetta provides third-party identity risk solutions that are easy to use, and purpose built to help organizations execute risk-based identity access and lifecycle strategies.

Microchip Technology

Microchip Technology

Microchip Technology Inc. is a leading provider of smart, connected and secure embedded control solutions.

ThrottleNet

ThrottleNet

ThrottleNet provides world-class managed IT services and cybersecurity to organizations in St. Louis and throughout Missouri.

Anura

Anura

The world’s most accurate ad fraud solution protects your web assets by eliminating bots, malware and human fraud, ensuring your content is seen by real people.

TrueBees

TrueBees

TrueBees is the first deepfakes detector able to detect AI-generated portraits shared on social media and to prevent their diffusion across the web.

StealthMole

StealthMole

StealthMole is a deep and dark web threat intelligence company that delivers a cloud-based, unified platform for digital investigation, risk assessment, and threat monitoring.

Simpson Associates

Simpson Associates

Simpson Associates is a Data Transformation and managed services provider that helps organisations gain valuable insights from their data and make better-informed decisions.

Stratsec

Stratsec

Stratsec is a global team of experts on a mission to protect human life, well-being and the environment against cyber-driven threats.