A large-scale malware campaign on Huawei's AppGallery has led to approximately 9,300,000 installs of Android trojans masquerading as over 190 different apps.
The trojan is detected by Dr.Web as 'Android.Cynos.7.origin' and is a modified version of the Cynos malware designed to collect sensitive user data.
The discovery and report come from researchers at Dr. Web AV, who notified Huawei and helped them remove the identified apps from their store.
However, those who installed the apps on their devices will still have to remove them from their Android devices manually.
Trojan disguised as game apps
The threat actors hid their malware in Android apps pretending to be simulators, platformers, arcades, RTS strategy, and shooting games for Russian-speaking, Chinese, or international (English) users.
As they all offered the advertised functionality, users were unlikely to remove them if they enjoyed the game.
The list of the Cynos malware apps is too extensive to share here, but some notable examples that stand out due to having a large number of installations are listed below:
- 快点躲起来 (Hurry up and hide) – 2,000,000
- Cat adventures – 427,000
- Drive school simulator – 142,000