Nov 25, 2021
0 0

About 10 million Android devices found infected with Cynos malware

Written by

Tags, , , , , , ,
Super secure VPN
Minimal data logging
Favorable privacy policy

Researchers from Doctor Web have shared details of a mobile campaign that infected at least 9.3 million Android devices. Reportedly, a new class of malware was used in this campaign, which was hidden inside dozens of strategy, arcade, and shooter games.
These games were available on Huawei’s AppGallery marketplace. The main objective behind this malicious campaign was to steal device info as well as the mobile phone number of the victim.
Doctor Web researchers have classified the trojan as Android.Cynos.7.origin because the malware is a modified variant of the Cynos malware. They identified around 190 malicious games, some of which were designed to specifically target Russian users, whereas some targeted Chinese and foreign users.
SEE: GriftHorse Android malware hit 10 million devices in 70 countries
The Cynos program module can be integrated into Android apps and generate revenues for the attacker. This module was discovered in 2014; some of its versions implemented aggressive features, such as premium SMS sending capabilities, intercepting incoming SMS, downloading/installing other apps, downloading/launching additional modules, etc.

However, the malware strain Doctor Web researchers identified in this campaign could only collect user/device data and display ads.
Here are the games featuring the highest number of installs.
After the user installs an infected app, it requests advanced permissions such as making and managing phone calls.
Almost 10 million Android devices found infected with Cynos malware
When this permission is granted, they use this privilege to steal phone numbers and sensitive device data like geolocation, system metadata, and mobile network parameters (country code, GSM cell ID, international GSM location area code if the app has permission to access the location).

Although mobile number leaking may appear as a harmless issue, in reality, it can cause serious harm to the user given that children are the “main target audience” of these games, researchers explained.
“Even if the mobile phone number is registered to an adult, downloading a child’s game may highly likely indicate that the child is the one who uses the mobile phone. It is very doubtful that parents would want the above data about the phone to be transferred not only to unknown foreign servers but to anyone else in general,” Doctor Web AV’s report read.
SEE: New Android malware TeaBot found stealing data, intercepting SMS
Researchers shared their findings with Huawei, and the malicious apps were later removed from the AppGallery store.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Get the best stories straight into your inbox!

Don’t worry, we don’t spam
 App Store Google News
HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom. is among the registered trademarks of Gray Dot Media Group Ltd. Company registration number 12903776 in regulation with the United Kingdom Companies House. The registered address is 85 Great Portland Street, London, England, W1W 7LT
The display of third-party trademarks and trade names on the site do not necessarily indicate any affiliation or endorsement of If you click an affiliate link and buy a product or service, we may be paid a fee by that merchant.


Article Categories:

Comments are closed.