Huawei’s App Gallery hosted malicious apps installed by millions of Android users

Apps often hid inside products targeted at children

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Malwareanalysts discovered a dangerous information stealer trojan inside hundreds ofAndroidapps onHuawei’s AppGallery that have collectively clocked over 9 million downloads.

Discovered bycybersecuritysleuths atDr. Web, the trojan is a variant of the Cynos malware, called Android.Cynos.7.origin that’s designed to collect sensitive user data.

“The apps that contain the Android.Cynos.7.origin ask users for permission to make and manage phone calls. That allows the trojan to gain access to certain data,”explainthe researchers.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

Interestingly, besides English users, some of the games targeted Russian, and Chinese audiences and were fully localized in these languages.

Information stealer

Information stealer

The researchers add that the trojan can be integrated into Android apps and employ all kinds of techniques to monetize them at the expense of the downloader. However, the variant found inside the apps in AppGallery collects information about the users and their devices, and displays ads.

“At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games’ main target audience,” warn the researchers.

In addition to their phone numbers, the trojan also gathered device location based on GPS coordinates or the mobile network andWiFi access pointdata, several mobile network parameters, such as the network code and mobile country code, and a lot more.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The researchers found the trojan inside 190 differentAndroid gaming apps, including simulators, arcade games, shooters, and more, all of which worked as advertised, leading to the high number of downloads.

The researchers shared their discovery with Huawei, who promptly removed all the 190 malicious apps.

“AppGallery’s built-in security system swiftly identified the potential risk within these apps. We are now actively working with affected developers to troubleshoot their apps. Once we can confirm that the apps are all clear, they will be re-listed on AppGallery so consumers can download their favourite apps again and continue enjoying them," Huawei toldTechRadar Pro.

“Protecting network security and user privacy is Huawei’s priority. We welcome all third-party oversight and feedback to ensure we deliver on this commitment. We will continue to collaborate closely with our partners, and at the same time, employ the most advanced and innovative technologies to safeguard our users’ privacy.”

Scan your devices with thesebest Android antivirus apps, and protect yourself online with thesebest identity theft protection services

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well