Trojan Malware Installed On Millions Of Android Devices

Uploaded on 2021-11-29 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

More than 9m Android devices have downloaded and installed dozens of games from Huawei that have a trojan malware that is designed to collect vital user data.  According to a new report by  malware researchers at Dr.Web Anti-virus, Android devices have been infected hit by an info-stealing trojan in a  large-scale malware attack originating from Huawei's AppGallery app store. 

The Trojan malware can perform all kinds of malicious activities while it is on your device, including spy on your texts and downloading  and installing malicious payloads. Cynos, from which this Trojan horse was created.

The Dr.Web report says that the Android.Cynos.7.origin trojan, a modification of the Cynos program module known since 2014, downloads and installs other apps that collect information about users and their devices, as well as display ads and allows the trojan to get access to sensitive data. “This module can be integrated into Android apps to monetise them....  Some of its versions have quite aggressive functionality: they send premium SMS, intercept incoming SMS, download and launch extra modules, and download and install other apps... The main functionality of the version discovered by our malware analysts is collecting the information about users and their devices and displaying ads,” says the report.

The threat actors hid their malware in Android apps pretending to be simulators, games platforms, arcades, strategy, and shooting games for Russian-speaking, Chinese and English language users.

The apps containing the malware asks for permission to make and manage phone calls, which allows the trojan to collect and send information to a remote server, including:

  • Mobile phone number.
  • Device location and Wi-Fi access point data.
  • Various mobile network parameters, such as the network code and mobile country code.
  • Various tech specs of the device.
  • Various parameters from the trojanised app’s metadata.

The analysts' report found the trojan on 190 games, like simulators, games platforms, arcades, strategies and shooters.

"At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games' main target audience," according to a Doctor Web spokesman.

Dr. Web have notified Huawei about the threats and Huawei have now removed the apps containing the trojan from its AppGallery. 

DrWebGitHub:   Android Headlines:   The Hacker News:   World Republic News:   MalwareTips:   TechRadar

You Might Also Read: 

Malware – The Hateful Eight:

 

« Non-Profit Organisations & Cyber Security
Russia Wants Control Over Big Tech »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Centre for International Governance Innovation (CIGI)

Centre for International Governance Innovation (CIGI)

CIGI research areas include Conflict Management & Security which encompass cyber security and cyber warfare.

Cobwebs Technologies

Cobwebs Technologies

Cobwebs Technologies provide web intelligence solutions for Law Enforcement (including cybercrime), Intelligence Agencies and Federal Agencies.

ZM CIRT

ZM CIRT

ZM CIRT is the national Computer Incident Response Team for Zambia.

Signifyd

Signifyd

Signifyd is the world's largest provider of Guaranteed e-Commerce Fraud Protection.

DQM GRC

DQM GRC

DQM GRC are one of the UK's leading providers of data governance, e-privacy and GDPR services, to commercial organisations across all industries in the UK.

HCC Embedded

HCC Embedded

HCC’s mission is to ensure that data stored or communicated by an embedded IoT application is secure, safe and reliable.

Gigacycle

Gigacycle

Gigacycle is one of the leading IT disposal and recycling providers in the UK. We specialise in IT asset disposal (ITAD) and data destruction.

972VC

972VC

972VC was created to help entrepreneurs find potential funding for their startups. Your guide to the Israeli startup funding ecosystem.

Iron Bow Technologies

Iron Bow Technologies

Iron Bow Technologies is a leading IT solution provider dedicated to successfully transforming technology investments into business capabilities for government, commercial and healthcare clients.

Globant

Globant

Globant is an It and software development company. We leverage the latest technologies and methodologies to help organizations transform in every aspect, including software security.

Innovex Global

Innovex Global

Innovex is a full-service executive search and advisory business that engages with early-stage startups, scale-ups, and established businesses in the Fintech, Cybersecurity and Technology industries.

Cegeka

Cegeka

Cegeka is a family-owned IT company providing end-to-end IT solutions, services & consultancy.

Suridata

Suridata

Suridata’s SaaS Security platform enables organizations to secure the use of SaaS applications.

Diverto

Diverto

Diverto is a company that provides a high level of information security to companies, institutions and other organisations in an information-centric world.

Mode

Mode

Mode is an out-of-band communication and crisis collaboration platform. One platform to manage your cyber crisis response. Stay connected when it's needed most.

ZeroThreat

ZeroThreat

ZeroThreat, a vulnerability scanning and automated pentesting tool, accelerates vulnerability detection 5x faster with unprecedented accuracy and efficiency in real-time.