An Android trojan disguised as over 190 different applications has been installed approximately 9,300,000 times as part of a vast malware campaign on Huawei’s AppGallery. Dr. Web has identified the trojan as “Android.Cynos.7.origin.” It is a modified variant of the Cynos malware that collects sensitive user data.
The discovery and report were made by Dr. Web AV researchers, who alerted Huawei and assisted them in removing the detected applications from their store. Those who installed the applications on their Android smartphones, however, will have to delete them manually.
The threat actors disguised their malware as Android games: simulators, arcades, platformers, RTS strategy, and shooting games for Chinese, Russian, and international (English) users. Because the apps all provided the claimed functionality, users who loved a game were unlikely to delete it.
Because comparing your installed programs to the whole list of 190 malicious apps is unrealistic, the simpler option is to run an antivirus program that can identify Cynos trojans and their variants. This Cynos trojan variant can carry out a variety of harmful operations, including eavesdropping on SMS texts and downloading and installing additional payloads.
According to a report from the malware specialists at Doctor Web, Android.Cynos.7.origin is one of the modifications of the Cynos program module. This module may be integrated into Android apps to monetize them.
Some of its versions include rather aggressive features, such as sending premium SMS, intercepting incoming SMS, downloading and launching more modules, and downloading and installing other applications. Malware experts determined that this version’s primary goal is to gather information about users and their devices, as well as to display advertisements.
When the trojan requests permission to undertake tasks that are not typically connected with a game, such as making phone calls or detecting users’ positions, it reveals its hostile character right away.
Cynos trojans may also download and install additional modules or programs, as well as send premium SMS and intercept incoming SMS. As a result, these apps might lead to unexpected payments from premium service subscriptions and drop even more stealthy malware payloads.
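The permission mismatch described above (a game asking to make calls, read location, handle SMS or install apps) can be checked mechanically. The Python sketch below is an added example, not Dr. Web's tooling: it parses the text printed by `aapt dump permissions <apk>` and flags apps requesting such permissions. The sample input, the package names and the permission-to-behaviour mapping are constructed assumptions.

```python
import re

# Assumption: Android permissions matching the behaviours the article lists.
RISKY = {
    "android.permission.CALL_PHONE": "make phone calls",
    "android.permission.ACCESS_FINE_LOCATION": "read device location",
    "android.permission.SEND_SMS": "send (premium) SMS",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install other apps",
}

# Constructed sample: aapt output for two hypothetical games (old + new style).
SAMPLE = """\
package: com.example.puzzlegame
uses-permission: name='android.permission.INTERNET'
package: com.example.shootergame
uses-permission: name='android.permission.CALL_PHONE'
uses-permission: android.permission.ACCESS_FINE_LOCATION
uses-permission: name='android.permission.RECEIVE_SMS'
"""

PKG_RE = re.compile(r"^package:\s*([\w.]+)")
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)")

def parse_permissions(text):
    """Return {package: set of requested permissions} from aapt output."""
    apps, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        pkg, perm = PKG_RE.match(line), PERM_RE.match(line)
        if pkg:
            current = pkg.group(1)
            apps.setdefault(current, set())
        elif perm and current is not None:
            apps[current].add(perm.group(1))
    return apps

def flag_apps(text):
    """Return {package: sorted risky behaviours} for apps requesting any."""
    report = {}
    for pkg, perms in parse_permissions(text).items():
        hits = sorted(RISKY[p] for p in perms if p in RISKY)
        if hits:
            report[pkg] = hits
    return report

if __name__ == "__main__":
    for pkg, hits in flag_apps(SAMPLE).items():
        print(f"{pkg}: review -> {', '.join(hits)}")
```

A flagged app is a candidate for review, not a confirmed Cynos infection; legitimate apps can request the same permissions.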