Over 9 Million Android Phones Running Malware Apps from Huawei’s AppGallery

At least 9.3 million Android devices have been infected by a new
class of malware that disguises itself as dozens of arcade,
shooter, and strategy games on Huawei’s AppGallery marketplace to
steal device information and victims’ mobile phone numbers.

The mobile campaign was disclosed by researchers from Doctor
Web, who classified the trojan as “Android.Cynos.7.origin,”
owing to the fact that the malware is a modified version of the
Cynos malware. Of the total 190 rogue games^[1]
identified, some were designed to target Russian-speaking users,
while others were aimed at Chinese or international audiences.

Once installed, the apps prompted the victims for permission to
make and manage phone calls, using the access to harvest their
phone numbers along with other device information such as
geolocation, mobile network parameters, and system metadata.

“At first glance, a mobile phone number leak may seem like an
insignificant problem. Yet in reality, it can seriously harm users,
especially given the fact that children are the games’ main target
audience,” Doctor Web researchers said^[2].

“Even if the mobile phone number is registered to an adult,
downloading a child’s game may highly likely indicate that the
child is the one who actually using the mobile phone. It is very
doubtful that parents would want the above data about the phone to
be transferred not only to unknown foreign servers, but to anyone
else in general.”

While the malware-laced apps have since been purged from the app
stores, users who have installed the apps on their devices will
have to manually remove them to prevent further exploitation.