Security researchers found dozens of games on Huawei’s AppGallery store infected with the Android.Cynos.7.origin trojan, which is designed to collect users’ device data and phone numbers. At least 9,300,000 users have downloaded and installed these malicious games on their Android devices.
The infections were discovered by a team of malware analysts at antivirus firm Doctor Web, who found a whopping 190 games on the AppGallery store compromised by the trojan, with more than 9,300,000 collective installs.
“Some of these games target Russian-speaking users: they have Russian localization, titles, and descriptions. Others target Chinese or international audiences,” reads the report.
Doctor Web notes that the trojan is a modification of the Cynos malware that is designed to covertly monetize Android apps, including sending premium SMS messages, downloading and launching extra malware modules, downloading and installing other apps, and more.
This version of the trojan, however, is tasked with collecting user data and displaying ads. It gains access to user information by asking for permission to make and manage phone calls.
“At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games' main target audience,” Doctor Web security researchers warn.
“Even if the mobile phone number is registered to an adult, downloading a child's game may highly likely indicate that the child is the one who is actually using the mobile phone. It is very doubtful that parents would want the above data about the phone to be transferred not only to unknown foreign servers, but to anyone else in general.”
The games containing this trojan have been removed from Huawei’s AppGallery store after Doctor Web notified the company about the threats found by the researchers.
If you have downloaded and installed any of these 190 games, you’ll have to manually remove them from your device.
The list of malicious games containing the Android.Cynos.7.origin trojan can be found here.
More from CyberNews
Subscribe to our newsletter