A large-scale malware campaign on Huawei’s AppGallery has led to approximately 9,300,000 installs of Android trojans masquerading as over 190 different apps. 
The trojan is detected by Dr.Web as ‘Android.Cynos.7.origin’ and is a modified version of the Cynos malware designed to collect sensitive user data.
The discovery and report come from researchers at Dr. Web AV, who notified Huawei and helped them remove the identified apps from their store.
However, those who installed the apps on their devices will still have to remove them from their Android devices manually.
The threat actors hid their malware in Android apps pretending to be simulators, platformers, arcades, RTS strategy, and shooting games for Russian-speaking, Chinese, or international (English) users.
As they all offered the advertised functionality, users were unlikely to remove them if they enjoyed the game.
The list of the Cynos malware apps is too extensive to share here, but some notable examples that stand out due to having a large number of installations are listed below:
Since it’s impractical to compare your list of installed apps to the full list of 190 malicious apps, the more straightforward solution would be to run an AV tool that can detect Cynos trojans and their variants.
This Cynos trojan variant can perform various malicious activities, including spying on SMS texts and downloading and installing other payloads.
“The Android.Cynos.7.origin is one of the modifications of the Cynos program module. This module can be integrated into Android apps to monetize them. This platform has been known since at least 2014,” explained Doctor Web malware analysts in their report.
“Some of its versions have quite aggressive functionality: they send premium SMS, intercept incoming SMS, download and launch extra modules, and download and install other apps.”
“The main functionality of the version discovered by our malware analysts is collecting the information about users and their devices and displaying ads.”
The aggressive nature of the trojan becomes apparent right from the installation phase when it asks for permission to perform activities that are not generally associated with a game, such as making phone calls or detecting users’ locations.
If the user grants the permission requests, the malware can exfiltrate the following data to a remote server:
In addition to the above, Cynos trojans can potentially download and install extra modules or apps, send premium service SMS, and intercept incoming SMS.
As such, these apps can lead to unexpected charges from subscribing to premium services, and they can also drop even stealthier spyware payloads.
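The permission mismatch described above can be checked when triaging an app. The following is an added example, not code from the article or from Dr.Web: it assumes the app's AndroidManifest.xml has already been decoded to text XML, and the permission list, `audit_manifest` and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption of this example: permissions matching the behaviours the article
# names (phone calls, location, SMS) are treated as unexpected for a game.
UNEXPECTED_FOR_GAME = {
    "android.permission.CALL_PHONE": "place phone calls",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.SEND_SMS": "send SMS (premium-service charges)",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.READ_SMS": "read stored SMS",
}

# Constructed sample manifest (decoded text form), not taken from any real app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:isGame="true" android:label="Constructed Game"/>
</manifest>"""

def audit_manifest(manifest_xml: str) -> dict:
    """Flag a self-declared game that requests call, location or SMS access."""
    # Manifests have no use for DTDs; refuse them rather than expand entities.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                requested.add(name.strip())
    app = root.find("application")
    is_game = app is not None and (
        app.get(ANDROID_NS + "isGame") == "true"
        or app.get(ANDROID_NS + "appCategory") == "game")
    flagged = {p: UNEXPECTED_FOR_GAME[p] for p in sorted(requested)
               if p in UNEXPECTED_FOR_GAME}
    return {"package": root.get("package"), "is_game": is_game,
            "flagged": flagged, "suspicious": is_game and bool(flagged)}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```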
Update Nov. 24 – A Huawei spokesperson has shared the following comment with Bleeping Computer:
“AppGallery’s built-in security system swiftly identified the potential risk within these apps. We are now actively working with affected developers to troubleshoot their apps. Once we can confirm that the apps are all clear, they will be re-listed on AppGallery so consumers can download their favorite apps again and continue enjoying them.
Protecting network security and user privacy is Huawei’s priority. We welcome all third-party oversight and feedback to ensure we deliver on this commitment. We will continue to collaborate closely with our partners, and at the same time, employ the most advanced and innovative technologies to safeguard our users’ privacy.”
What Android should do is force an update for every phone that enables a virtual protection for phone messages, replacing all of Samsung’s and other Android devices’ messages apps with one that runs in a virtual layover, preventing other apps from reading it, or at least allow users to control what apps see messages, because it’s crazy: if you use a message backup tool they can access it, but in order to restore messages it has to be set as a default. Those are safe, unlike other apps. It’s crazy, but Android can never do that. I can only speak what is on my mind.