Sunday, May 18, 2025
Homecyber security9 Million Android Phones Running Malware Apps That Downloaded from Huawei's AppGallery

9 Million Android Phones Running Malware Apps That Downloaded from Huawei’s AppGallery

Published on

SIEM as a Service

Follow Us on Google News

More than 9 million Android smartphones are running malicious applications that are downloaded from the app store of Huawei, AppGallery.

The cybersecurity experts at Doctor Web security firm have recently found nearly 200 games with “Android.Cynos.7.origin” Trojan inside them, and it’s one of the alterations of the Cynos program module.

This “Android.Cynos.7.origin” trojan is found in 190 games that have download counts of approximately 9,300,000. This Trojan is specifically designed to get data like mobile phone numbers and other data to distribute to their developers. 

- Advertisement - Google News

Data Collected

All these malicious games are primarily aimed at children since they are the easy targets to get enabled all their permission. Now, once the user grants permission, this trojan collects and sends all the following data to a remote server:-

  • User mobile phone number
  • Device location based on GPS coordinates or the mobile network and Wi-Fi access point data.
  • Various mobile network parameters like: network code, mobile country code, GSM cell ID, international GSM location area code.
  • Various technical specs of the device.
  • Various parameters from the trojanized app’s metadata.

The “[Android.Cynos.7.origin]” malware is a modification of the original Cynos, and it’s been active since 2014. This malware also has the ability to download and install other apps and modules on compromised devices.

Affected Apps

Currently, all the affected games have been removed by Huawei from its apps store, AppGallery. But, if you have a Huawei device and you are not sure that you are infected or not, then you can check the list of all the affected games below:-

  • “[Команда должна убить боеголовку]” with more than 8000 installs.
  • “Cat game room” with more than 427000 installs.
  • “Drive school simulator” with more than 142000 installs.
  • “[快点躲起来]” with more than 2000000 installs.

If you want the full list of affected apps then you can click here. Moreover, Huawei has already been notified by the Doctor Web malware analysts about these malicious apps.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...

New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads

A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...