Whether you’re an Android or iPhone user, mobile apps and games are a major part of the smartphone experience. And while every major app store does its best to keep malware out, the bad guys still manage to sneak it past their defenses. Just ask the millions who were recently hit by shady apps from the Huawei AppGallery.
Security pros at Doctor Web discovered dozens of games lurking in AppGallery that were infecting victims with a new variant of the Cynos malware. Cynos has been plaguing Android users for seven long years.
It’s been smuggled inside everything from adult content apps (which are often impossible to find in official app stores) to harmless-looking virtual pet games. One of the games discovered by Doctor Web had been installed more than 425,000 times. Another was installed by more than 2 million hapless victims.
To its credit, Huawei moved swiftly once the malware had been detected. “AppGallery’s built-in security system swiftly identified the potential risk within these apps,” said the company, adding that it was “working with affected developers to troubleshoot their apps.”
Huawei also reiterated that “protecting network security and user privacy is Huawei’s priority” and that it “welcome[s] all third-party oversight and feedback to ensure we [Huawei] deliver on this commitment.”
More On The Cynos Malware
This latest version of the Cynos malware, Android.Cynos.7.origin, was found in a whopping 190 games on AppGallery, according to Doctor Web. Once installed and launched, the games ask users to grant various permissions — and not all Android users are wary enough when permission prompts appear.
In this case, tapping “Allow” gives the malicious app access to a victim’s phone number, GPS coordinates, information about the wireless carrier’s network and other technical information about the infected device. It’s the sort of information that can make it much easier for fraudsters to target victims with additional attacks, like SMS or phone-based scams.
Doctor Web also reports that Android.Cynos.7.origin has the ability to flood an infected device with ads. Digital ad fraud has been a worldwide menace for years. The costs linked to this crime are estimated to hit a staggering $44 billion by next year and account for as much as 45% of all digital ad spending.
Other versions of Cynos may do more direct harm to users. Some variants are known to run up charges via stealth SMS messages and calls.