Over 9 million Android devices infected with serious Trojan through games from Huawei AppGallery

Doctor Web analysts have discovered a serious Trojan that infected millions Android devices through the branded app store Huawei AppGallery.

How it works?

Trojan name - Android. Cynos.7.origin, and this is one of modifications of the Cynos software module, a platform known from at least 2014 year. This module can be integrated into Android apps for them monetization.

The Trojan was embedded in games Huawei AppGallery, and experts counted about 190 "infected" games. These are simulators, arcades, strategies etc. V in total, these games have been downloaded more than 9 million users. Some of these games are aimed at Russian users, others - on Chinese or international audience.

Applications with Android. Cynos.7.origin is asked to grant a specific permission, for example on obtaining information about phone calls. After the user's consent, the Trojan starts collecting and send user data to remote service. These are the phone number, the location of the device, various parameters of the mobile network, such as the network code and country code for mobile communication, technical parameters of the device etc.

Doctor Web team informed Huawei about found, after which all infected applications were removed from AppGallery.

A source: Doctor Web