According to a new report by researchers at Dr. Web Anti-virus (via Bleeping Computer), around 9 million Android devices got hit by an info-stealing trojan. This large-scale malware attack happened on Huawei’s AppGallery app store.
Info-stealing trojan infected over 190 Android apps
Over 190 different apps got affected by it, and those apps were installed approximately 9.3 million times. The trojan has been detected by Dr.Web as “Android.Cynos.7.origin”. This is a modified version of the Cynos malware. The Cynos malware is actually designed to collect sensitive user data.
Huawei acted swiftly upon Dr. Web Anti-virus’ prompt, and removed affected apps from its store. Huawei also said that it is now actively working with developers to troubleshoot their apps.
Removing the apps from AppGallery does not remove them from your device, of course. If you have any of them installed, uninstall them as soon as possible. You can access a full list of affected apps here.
This trojan hid in apps pretending to be simulators, platformers, arcades, RTS games, shooting games, and so on. It found its way to apps made for the Russian market, Chinese market, and global markets.
Some of the affected apps appear to be legitimate, while others seem to have been published just to put this malware out in the open. Huawei saying that it is working with developers to troubleshoot their apps indicates that at least some of them are legitimate.
One of the infected apps had 2 million installs
The three apps that had the most installs are 快点躲起来 (Hurry up and hide), Cat adventures, and Drive school simulator. Those three apps were installed 2,000,000, 427,000, and 142,000 times, respectively.
This trojan can perform all sorts of malicious activities while it’s on your device. It can spy on your texts, and download and install payloads. Cynos, on which this trojan is based, has been around since 2014.
In some cases, this trojan can send premium SMS messages, intercept incoming SMS messages, download and launch extra modules, install apps on its own, and so on.
This is why you always have to be careful with permissions. Apps infected by trojans will ask you for permissions that make no sense for that app type. They will usually ask for a ton of permissions as well.
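The permission check described above can be automated. The following is an added example, not code from Dr.Web or Huawei: it reads permission lines in the format printed by `aapt dump permissions` and flags the SMS and app-install permissions that do not fit the app's category. The category policy, the threshold and the sample package are assumptions made for illustration.

```python
import re

# Permissions an app must hold for the SMS and install behaviours the article
# lists; the mapping and labels are this example's, not Dr.Web's.
RISKY = {
    "android.permission.SEND_SMS": "send (premium) SMS",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.READ_SMS": "read stored SMS",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install other apps",
}
# Hypothetical policy: which risky permissions make sense per app category.
EXPECTED = {
    "game": set(),
    "messaging": {p for p in RISKY if p.endswith("_SMS")},
}
MAX_PERMS = 15  # assumed cut-off for "a ton of permissions"

# Accepts both the "name='x'" and the bare "x" form of the aapt line.
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([A-Za-z0-9_.]+)", re.M)
PKG_RE = re.compile(r"^package:\s*(?:name=')?([A-Za-z0-9_.]+)", re.M)

def audit(dump, category):
    """Return the permissions in an aapt dump that do not fit the category."""
    perms = sorted(set(PERM_RE.findall(dump)))
    pkg = PKG_RE.search(dump)
    allowed = EXPECTED.get(category, set())  # unknown category: allow none
    flagged = {p: RISKY[p] for p in perms if p in RISKY and p not in allowed}
    return {
        "package": pkg.group(1) if pkg else None,
        "total": len(perms),
        "flagged": flagged,
        "excessive": len(perms) > MAX_PERMS,
    }

# Constructed sample: a made-up game package, not one of the affected apps.
SAMPLE = """package: com.example.hidegame
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.REQUEST_INSTALL_PACKAGES'
uses-permission: name='android.permission.VIBRATE'
"""

if __name__ == "__main__":
    report = audit(SAMPLE, "game")
    print(report["package"], "requests", report["total"], "permissions")
    for perm, why in report["flagged"].items():
        print("  unexpected for a game:", perm, "->", why)
```

A flagged permission is a reason to look closer at an app, not proof of infection, and an app that only downloads extra modules needs nothing beyond network access, so it would pass this check.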