Posted on November 27, 2021 at 7:59 PM
Malware analysts have discovered a notorious information stealer trojan found in apps on Huawei’s AppGallery that have reached more than 9 million downloads.
The malware was discovered by cybersecurity researchers at Dr. Web and is understood to be a variant of the Cynos malware known as Android.Cynos.7.origin. The data reveals that about 9,300,000 Android device owners have already installed the apps, which have been in operation for a long time.
The researchers noted that the apps containing the malware request permission from users to make and manage phone calls. However, when such permission is granted, it opens the door for the trojan to gain complete access.
The threat actors launching the trojan target English, Chinese, and Russian audiences, with the trojan fully localized in these languages.
The Malware Steals Information About The Users And Their Device
According to the researchers, the trojan can be planted in the Android apps and use all types of techniques to make money out of them at the expense of the downloader.
But the malware variant discovered in the AppGallery apps steals information about the users and their devices while displaying the ads.
On the surface, it may seem like the mobile phone number leak is a slight problem. However, realistically, it can be a major security concern for users, especially as the games’ main targets are children.
Apart from their phone numbers, the malware can gather the location of the targeted device based on the WiFi access point data, the mobile network, or the GPS coordinates.
It also gathers information on several network parameters, such as mobile country code and network code.
The Affected Apps Have Been Taken Down By Huawei
The researchers noted that they discovered the trojan in over 190 different Android gaming apps, including shooters, arcade games, simulators, and others. These apps work exactly as they are advertised, which is the reason for so many downloads by users.
The researchers revealed their discovery to Huawei, who immediately took down all the 190 malicious apps.
In a statement to confirm the situation, Huawei said its AppGallery built-in security system quickly discovered the potential risk within the apps. Subsequently, its researchers began working with the impacted developers to help them secure their apps.
The Huawei team says the apps will be re-listed on AppGallery once all apps have been confirmed safe. Subsequently, consumers can download their favorite apps and continue enjoying them as usual.
Huawei added that user privacy and network security have always been its priority. “We welcome all third-party oversight and feedback to ensure we deliver on this commitment,” the firm noted, adding that the firm will continue to link up with its partners. Huawei also stated that it will employ the most innovative and advanced technologies to safeguard its users’ privacy.
The Android.Cynos.7.origin trojan has existed since 2014 and can be integrated into Android apps to monetize them.
Researchers noted that some of its versions have been very potent in the past, with capabilities that include downloading and launching extra modules, intercepting incoming SMS, and sending premium SMS. The malware is also capable of downloading and installing other apps. However, the discovery of its latest functionality reveals that it can collect details about users and their devices and easily display ads.
Although the malware-infested apps have since been removed from the app stores, users who have already installed them on their devices will need to remove them manually to prevent further exploitation.
Researchers Discover More Bugs In Android Devices
In another development, Check Point security researchers discovered that millions of Android users have a chip in their phones that could have given malicious apps the ability to eavesdrop on their conversations.
The report revealed that the microchip containing the issue is found in about 37% of all smartphones in the world. It also noted that many Android users were left exposed to the malware threat before the vulnerability was discovered and patched.
The flaw comes from the Digital Signal Processor (DSP) and the AI Processing Unit (APU), both of which help to improve media performance and reduce CPU usage in the devices housing them.
The Check Point researchers stated that they “reverse-engineered” the two MediaTek audio firmware and found several flaws that are easily accessible from userspace.
These issues are reminders to users to take the security of their systems very seriously. Researchers advised mobile phone users to reduce their reliance on the firm that makes the phone and apps. Instead, they should focus on bolstering their mobile security by applying high-security protocols when online.