A new class of malware plagues at least 9.3 million Android devices. The malware camouflages as arcade, shooter, and strategy games on Huawei’s AppGallery marketplace to obtain device details and victim’s mobile numbers.
Doctor Web classifies the trojan as “Android. Cynos.7.origin”, and researchers at Doctor Web were first to report the malware. The malware is an altered version of the Cynos malware hence; the name “Android. Cynos.7.origin”. Altogether, 190 rogue games were identified. The games were targeted at Russian-speaking users and others were aimed at Chinese users.
After getting installed, the apps sought the user’s permission to call and manage phone calls. The access would be for knowing the user’s phone number along with other information like geolocation, mobile network parameters, and system metadata.
“At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games’ main target audience,” Doctor Web researchers said.
Even if the mobile phone number is registered to an adult, downloading a child’s game may highly likely indicate that the child is the one who uses the mobile phone. It is very doubtful that parents would want the above data about the phone to be transferred not only to unknown foreign servers but to anyone else in general.”