Around 9.3 million Android devices have been infected with a new type of malware that masquerades as dozens of arcade, shooter, and strategy games on Huawei's AppGallery marketplace in order to gather device information and victims' phone numbers.
Researchers from Doctor Web discovered the mobile campaign and categorized the trojan as "Android.Cynos.7.origin" because it is a modified variant of the Cynos malware. Some of the 190 rogue games discovered were made for Russian-speaking players, while others were made for Chinese or worldwide audiences.
Once installed, the applications asked victims for permission to make and control phone calls, then used that permission to access and capture their phone numbers as well as other device data, including geolocation, mobile network characteristics, and system metadata.
These harmful games are aimed primarily at children, who are easily persuaded to grant every permission an app requests.
Huawei has now removed all of the harmful games from its AppGallery app store. For users who have a Huawei smartphone and aren't sure whether they're infected, some of the malicious apps are listed below:
- “[Команда должна убить боеголовку]” with more than 8000 installs.
- “Cat game room” with more than 427000 installs.
- “Drive school simulator” with more than 142000 installs.
- “[快点躲起来]” with more than 2000000 installs.
Furthermore, Doctor Web's malware analysts have previously warned Huawei about these harmful apps.
Doctor Web researchers stated, "At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games' main target audience."
"Even if the mobile phone number is registered to an adult, downloading a child's game may highly likely indicate that the child is the one who actually uses the mobile phone. It is very doubtful that parents would want the above data about the phone to be transferred not only to unknown foreign servers, but to anyone else in general."