Trojan Malware Installed On Millions Of Android Devices

Uploaded on 2021-11-29 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

More than 9m Android devices have downloaded and installed dozens of games from Huawei that have a trojan malware that is designed to collect vital user data.  According to a new report by  malware researchers at Dr.Web Anti-virus, Android devices have been infected hit by an info-stealing trojan in a  large-scale malware attack originating from Huawei's AppGallery app store. 

The Trojan malware can perform all kinds of malicious activities while it is on your device, including spy on your texts and downloading  and installing malicious payloads. Cynos, from which this Trojan horse was created.

The Dr.Web report says that the Android.Cynos.7.origin trojan, a modification of the Cynos program module known since 2014, downloads and installs other apps that collect information about users and their devices, as well as display ads and allows the trojan to get access to sensitive data. “This module can be integrated into Android apps to monetise them....  Some of its versions have quite aggressive functionality: they send premium SMS, intercept incoming SMS, download and launch extra modules, and download and install other apps... The main functionality of the version discovered by our malware analysts is collecting the information about users and their devices and displaying ads,” says the report.

The threat actors hid their malware in Android apps pretending to be simulators, games platforms, arcades, strategy, and shooting games for Russian-speaking, Chinese and English language users.

The apps containing the malware asks for permission to make and manage phone calls, which allows the trojan to collect and send information to a remote server, including:

  • Mobile phone number.
  • Device location and Wi-Fi access point data.
  • Various mobile network parameters, such as the network code and mobile country code.
  • Various tech specs of the device.
  • Various parameters from the trojanised app’s metadata.

The analysts' report found the trojan on 190 games, like simulators, games platforms, arcades, strategies and shooters.

"At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games' main target audience," according to a Doctor Web spokesman.

Dr. Web have notified Huawei about the threats and Huawei have now removed the apps containing the trojan from its AppGallery. 

DrWebGitHub:   Android Headlines:   The Hacker News:   World Republic News:   MalwareTips:   TechRadar

You Might Also Read: 

Malware – The Hateful Eight:

 

« Non-Profit Organisations & Cyber Security
Russia Wants Control Over Big Tech »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MetaCompliance

MetaCompliance

MetaCompliance is a cyber security and compliance organisation that helps transform your company culture and safeguard your data and values.

Protegrity

Protegrity

Protegrity is an enterprise and cloud data security software for data-centric encryption and tokenization to protect sensitive data while maintaining usability.

Agenci

Agenci

Agenci are specialists in cyber security and information security and deliver ISO 27001 Certification.

Seagate Technology

Seagate Technology

Seagate data storage systems are purpose-built for enterprise and data centre performance, scalability, reliability and security.

Claroty

Claroty

Claroty was conceived to secure and optimize OT networks that run the world’s most critical infrastructures.

Simula Research Laboratory

Simula Research Laboratory

Simula Research Laboratory carries out research in the fields of communication systems, scientific computing and software engineering.

Kingsley Napley

Kingsley Napley

Cyber crime is an area of growing legal complexity. Our team of cyber crime lawyers have vast experience of the law in this area.

FirstPoint

FirstPoint

FirstPoint has developed the market’s most advanced solution for securing cellular devices, including mobile phones and IoT products, by blocking malicious data leakage.

Stage2Data

Stage2Data

Stage2Data is one of Canada’s most trusted cloud solution providers offering hosted Backup and Disaster Recovery Services.

Kainos

Kainos

Kainos is a leading provider of Digital Services and Platforms. Our services include Digital Transformation, Cyber Security, Cloud, AI, IoT and more.

SecureDrives

SecureDrives

Passwordless Authentication & Encrypted Data Storage Solutions from SecureDrives. We are enabling organisations to work safely and securely, using technology driven solutions.

Gradient Cyber

Gradient Cyber

Gradient Cyber offer mid-market organizations enterprise-grade threat detection and response services at a fraction of the cost of an in-house SOC.

Singtel Innov8

Singtel Innov8

Singtel Innov8, the venture capital arm of the Singtel Group, invests in and partners with innovative technology start-ups globally.

Solcon Capital

Solcon Capital

Solcon Capital is a forward-looking, technology-focused investment firm that is committed to identifying and investing in the most promising areas of innovation and development in the tech industry.

CYBHORUS

CYBHORUS

CYBHORUS are a team of Italian cyber security experts, specialized in cyber threat defense and strategic and organizational consulting.

Tranchulus

Tranchulus

Tranchulus are a global provider of offensive and defensive cyber solutions, information security assessment, compliance and managed security services.