Monday, February 17, 2025
Homecyber security9 Million Android Phones Running Malware Apps That Downloaded from Huawei's AppGallery

9 Million Android Phones Running Malware Apps That Downloaded from Huawei’s AppGallery

Published on

SIEM as a Service

Follow Us on Google News

More than 9 million Android smartphones are running malicious applications that are downloaded from the app store of Huawei, AppGallery.

The cybersecurity experts at Doctor Web security firm have recently found nearly 200 games with “Android.Cynos.7.origin” Trojan inside them, and it’s one of the alterations of the Cynos program module.

This “Android.Cynos.7.origin” trojan is found in 190 games that have download counts of approximately 9,300,000. This Trojan is specifically designed to get data like mobile phone numbers and other data to distribute to their developers. 

Data Collected

All these malicious games are primarily aimed at children since they are the easy targets to get enabled all their permission. Now, once the user grants permission, this trojan collects and sends all the following data to a remote server:-

  • User mobile phone number
  • Device location based on GPS coordinates or the mobile network and Wi-Fi access point data.
  • Various mobile network parameters like: network code, mobile country code, GSM cell ID, international GSM location area code.
  • Various technical specs of the device.
  • Various parameters from the trojanized app’s metadata.

The “[Android.Cynos.7.origin]” malware is a modification of the original Cynos, and it’s been active since 2014. This malware also has the ability to download and install other apps and modules on compromised devices.

Affected Apps

Currently, all the affected games have been removed by Huawei from its apps store, AppGallery. But, if you have a Huawei device and you are not sure that you are infected or not, then you can check the list of all the affected games below:-

  • “[Команда должна убить боеголовку]” with more than 8000 installs.
  • “Cat game room” with more than 427000 installs.
  • “Drive school simulator” with more than 142000 installs.
  • “[快点躲起来]” with more than 2000000 installs.

If you want the full list of affected apps then you can click here. Moreover, Huawei has already been notified by the Doctor Web malware analysts about these malicious apps.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Beware! Fake Outlook Support Calls Leading to Ransomware Attacks

Telekom Security has recently uncovered a significant vishing (voice phishing) campaign targeting individuals and...

CISA Warns of Active Exploitation of Apple iOS Security Flaw

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory warning of...

Threat Actors Exploiting Modified SharpHide Tool to Conceal Registry Entries

Threat actors are leveraging a modified version of the SharpHide tool to create hidden...

IDOR Vulnerability in ExHub Allows Attackers to Alter Hosting Configurations

A security researcher recently uncovered a high-risk Insecure Direct Object Reference (IDOR) vulnerability in...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Beware! Fake Outlook Support Calls Leading to Ransomware Attacks

Telekom Security has recently uncovered a significant vishing (voice phishing) campaign targeting individuals and...

CISA Warns of Active Exploitation of Apple iOS Security Flaw

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory warning of...

Threat Actors Exploiting Modified SharpHide Tool to Conceal Registry Entries

Threat actors are leveraging a modified version of the SharpHide tool to create hidden...