More than 9 million smartphones infected with Cynos malware

Chinese smartphone vendor Huawei has temporarily removed 190 Android games from its official AppGallery app store after it received a report from Russian security firm Dr.Web that the apps contained an overly aggressive monetization library that was collecting extensive details from users’ devices.

Huawei said it is now working with the app developers to investigate whether the data collection has been taking place behind their backs and to find replacement monetization libraries.

More than 9.3 million users have installed one of these 190 Android games, according to download stats listed on the AppGallery store.

“Some of these games target Russian-speaking users: they have Russian localization, titles, and descriptions. Others target Chinese or international audiences,” Dr.Web said in a report this week.

The company said it has been tracking this threat under the Cynos malware definition since March this year.

According to its investigation, the malicious Cynos library had been observed collecting extensive information from devices where its parent apps were installed, such as:

  • Phone numbers
  • Geo-location data
  • WiFi network details
  • Mobile network parameters and identifiers
  • Phone hardware and software specs

“At first glance, a mobile phone number leak may seem like an insignificant problem. Yet, in reality, it can seriously harm users, especially given the fact that children are the games’ main target audience,” Dr.Web researchers explained.

While the games were removed from the official app store, they are still installed on users’ devices, and users will need to manually uninstall them.

A list of all the games that Dr.Web classified as infected with a version of the Cynos malware is available here.

While most security experts focus on Android malware strains that contain spyware-like behavior, the reality is that most Android threats are focused on extensive personal data collection and ad fraud. This might not defraud users, but it defrauds advertisers and also indirectly fuels the data trading underground, where user details are often compiled and sold without users’ permission.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.
