Android devices more than 9 million users infected with a Trojan hidden in games from Huawei AppGallery

Researchers from Doctor Web have discovered the Android.Cynos.7.origin Trojan in dozens of games in Huawei’s AppGallery, which was installed by at least 9,300,000 Android device owners. This Trojan is designed to collect users’ mobile phone numbers.

Android.Cynos.7.origin is one of the versions of the Cynos software module. This module can be integrated into Android applications to make a profit. The platform has been known since 2014. Some of its versions have quite aggressive functionalities: they send premium SMS messages, intercept incoming SMS, download and run additional modules, download and install other applications.

The main functionality of the version discovered by Doctor Web malware analysts is gathering information about users and their devices and displaying ads.

Applications that contain Android.Cynos.7.origin ask the user for permission to make and manage phone calls. This allows the Trojan to gain access to certain data.

When the user grants permission, the Trojan collects and sends the following information to the server:

»User’s mobile phone number

»Device location based on GPS coordinates or mobile network data and Wi-Fi access point (when the application has permission to access the location)

»Different parameters of the mobile network, such as network code and country code; GSM cell ID and international GSM location code (when the application has permission to access the location)

»Different technical characteristics of the device

»Different parameters from the metadata of the Trojan application

At first glance, a cell phone number leak may seem like a trivial problem. However, this can seriously harm users, especially given the fact that children are the main target audience of games.

Even if the mobile phone number is registered to an adult, downloading a children’s game may indicate that the child is actually a mobile phone user.

Android.Cynos.7.origin was found in 190 games on AppGallery, such as simulators, platform games, arcades, strategy and shooting games, which downloaded a total of more than 9,300,000 users. Some of these games target Russian-speaking users because they have Russian localization, names and descriptions. Others target Chinese or international audiences.

Doctor Web informed Huawei about what the company’s researchers discovered. At the time Doctor Web came out with this information, applications containing this Trojan were removed from AppGallery.

Source: by

*The article has been translated based on the content of by If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!