27 November 2021

190 Android apps with trojan malware were installed 9.3 million times


UPDATE: Huawei has issued a statement about this article and it says, "AppGallery’s built-in security system swiftly identified the potential risk within these apps. We are now actively working with affected developers to troubleshoot their apps. Once we can confirm that the apps are all clear, they will be re-listed on AppGallery so consumers can download their favourite apps again and continue enjoying them."


"Protecting network security and user privacy is Huawei's priority. We welcome all third-party oversight and feedback to ensure we deliver on this commitment. We will continue to collaborate closely with our partners, and at the same time, employ the most advanced and innovative technologies to safeguard our users’ privacy."

Protecting network security and user privacy is Huawei's priority. We welcome all third-party oversight and feedback to ensure we deliver on this commitment. We will continue to collaborate closely with our partners, and at the same time, employ the most advanced and innovative technologies to safeguard our users’ privacy.”

Trojans (besides the definition that you might be more familiar with) is an app that hides its true purpose by masquerading as a regular app. But once the app is installed it unleashes malware that infects the phone allowing a bad actor to steal personal data and even take control of the device. According to a fresh report, researchers at Dr. Web Anti-virus discovered a large malware attack on Huawei's App Gallery app storefront that led victims to unwittingly install dangerous malware on their phones.

The 190 infected Android trojan apps were installed approximately 190 million times


The 190 infected Android trojan apps were installed approximately 9.3 million times. Dr. Web says that the malware has been identified as 'Android.Cynos.7.origin' and is believed to be a modified version of the Cynos malware that is used to collect personal data from victims' handsets. The researchers ended up alerting  Huawei about the trojans and Huawei deleted them from the App Gallery.


Now here's the thing. Even though Huawei removed the infected  apps from the App Gallery, if you installed  any of them on your phone, it can still be a major problem making your data vulnerable to getting stolen. The three infected apps with the largest number of installs include:
 
  • Hurry up and hide – 2,000,000
  • Cat adventures – 427,000
  • Drive school simulator – 142,000
If you have any of these apps residing on your Huawei phone, uninstall them ASAP. You can check out the names of all 190 infected apps by tapping on this link.  The infected apps can spy on SMS messages, and according to the report from Dr. Web, "The Android.Cynos.7.origin is one of the modifications of the Cynos program module. This module can be integrated into Android apps to monetize them. This platform has been known since at least 2014."

These trojan apps can collect user's personal data and information about their device and send it to a remote server


The report adds that some of the versions of the malware have aggressive functionality. "They send premium SMS, intercept incoming SMS, download and launch extra modules, and download and install other apps." It obviously is not good to have any of these apps installed on your phone. The version of the trojan found in Huawei's App Gallery collects personal information about the user and his device and displays ads.

As the report notes, right off the bat, you can sense that something is not right since the app asks for permissions usually not associated with a gaming app such as the ability to make and manage phone calls. This gives the trojan the possibility to access certain information.

Once permission is granted, the app sends certain information to a remote server including the user's phone number, the device location, some of the specs belonging to the user's device, and according to the report, "Various mobile network parameters, such as the network code and mobile country code; also, GSM cell ID and international GSM location area code."

The infected apps have already been removed from Huawei's App Gallery app store


Dr. Web explains the problem with trojan malware apps targeting children. "At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games’ main target audience."

The research site adds that "Even if the mobile phone number is registered to an adult, downloading a child’s game may highly likely indicate that the child is the one who actually is using the mobile phone. It is very doubtful that parents would want the above data about the phone to be transferred not only to unknown foreign servers but to anyone else in general."

No comments:

Post a Comment