Endpoint/Device Security, Endpoint/Device Security, Malware, Threat Management, Endpoint/Device Security, Endpoint/Device Security

Info-stealing trojan installed on millions of Android devices

A visitor tries out the Huawei P40 Pro smartphone at the IFA 2020 Special Edition consumer electronics and appliances trade fair on Sept. 3, 2020 in Berlin, Germany. (Photo by Sean Gallup/Getty Images)

More than 9 million Android devices have downloaded and installed dozens of games from the Huawei AppGallery that have a trojan designed to collect information, according to analysts.

Dr. Web Anti-virus malware analysts report that the Android.Cynos.7.origin trojan, a modification of the Cynos program module known since at least 2014, downloads and installs other apps that collect information about users and their devices, as well as display ads. 

The apps containing the malware asks for permission to make and manage phone calls, which allows the trojan to collect and send information to a remote server, including:

  • Mobile phone number
  • Device location and Wi-Fi access point data
  • Various mobile network parameters, such as the network code and mobile country code
  • Various tech specs of the device
  • Various parameters from the trojanized app’s metadata

The analysts report finding the trojan on 190 games, like simulators, platformers, arcades, strategies and shooters. Some of the games target Russian speakers, while others target Chinese and international audiences.

Dr. Web notified Huawei, which removed the apps containing the trojan from its AppGallery. 

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.