Discovered by cybersecurity sleuths at Dr. Web, the trojan is a variant of the Cynos malware, called Android.Cynos.7.origin that’s designed to collect sensitive user data.
“The apps that contain the Android.Cynos.7.origin ask users for permission to make and manage phone calls. That allows the trojan to gain access to certain data,” explain the researchers.
Interestingly, besides English users, some of the games targeted Russian, and Chinese audiences and were fully localized in these languages.
Information stealer
The researchers add that the trojan can be integrated into Android apps and employ all kinds of techniques to monetize them at the expense of the downloader. However, the variant found inside the apps in AppGallery collects information about the users and their devices, and displays ads.
“At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games’ main target audience,” warn the researchers.
In addition to their phone numbers, the trojan also gathered device location based on GPS coordinates or the mobile network and WiFi access point data, several mobile network parameters, such as the network code and mobile country code, and a lot more.
The researchers found the trojan inside 190 different Android gaming apps, including simulators, arcade games, shooters, and more, all of which worked as advertised, leading to the high number of downloads.
The researchers shared their discovery with Huawei, who promptly removed all the 190 malicious apps.
Scan your devices with these best Android antivirus apps, and protect yourself online with these best identity theft protection services