Huawei's App Gallery hosted malicious apps installed by millions of Android users

Trojan
(Image credit: wk1003mike / Shutterstock)

Malware analysts discovered a dangerous information stealer trojan inside hundreds of Android apps on Huawei's AppGallery that have collectively clocked over 9 million downloads.

Discovered by cybersecurity sleuths at Dr. Web, the trojan is a variant of the Cynos malware, called Android.Cynos.7.origin that’s designed to collect sensitive user data. 

“The apps that contain the Android.Cynos.7.origin ask users for permission to make and manage phone calls. That allows the trojan to gain access to certain data,” explain the researchers.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> <a href="https://project.tolunastart.com/tqsruntime/main?surveyData=LFFFsT0HpgsyUe0tTFumBJohXK8Sedt0ARpsCF4DRGR+oCoVbvd+2+d8+UNIIx4L" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window <<

Interestingly, besides English users, some of the games targeted Russian, and Chinese audiences and were fully localized in these languages. 

Information stealer

The researchers add that the trojan can be integrated into Android apps and employ all kinds of techniques to monetize them at the expense of the downloader. However, the variant found inside the apps in AppGallery collects information about the users and their devices, and displays ads.

“At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games’ main target audience,” warn the researchers.

In addition to their phone numbers, the trojan also gathered device location based on GPS coordinates or the mobile network and WiFi access point data, several mobile network parameters, such as the network code and mobile country code, and a lot more.

The researchers found the trojan inside 190 different Android gaming apps, including simulators, arcade games, shooters, and more, all of which worked as advertised, leading to the high number of downloads.

The researchers shared their discovery with Huawei, who promptly removed all the 190 malicious apps. 

“AppGallery’s built-in security system swiftly identified the potential risk within these apps. We are now actively working with affected developers to troubleshoot their apps. Once we can confirm that the apps are all clear, they will be re-listed on AppGallery so consumers can download their favourite apps again and continue enjoying them," Huawei told TechRadar Pro

"Protecting network security and user privacy is Huawei's priority. We welcome all third-party oversight and feedback to ensure we deliver on this commitment. We will continue to collaborate closely with our partners, and at the same time, employ the most advanced and innovative technologies to safeguard our users’ privacy.”

Scan your devices with these best Android antivirus apps, and protect yourself online with these best identity theft protection services

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.