Info-Stealing Trojan Infects Over 9 Millions Gaming Apps And Android Devices

Published: January 23, 2022 on our newsletter Security Fraud News & Alerts Newsletter.



Over nine million users who downloaded gaming apps from Huawei’s AppGallery are finding their Android devices are infected with a variant of Cynos trojan known as Android.Cynos.7.origin. It’s an info-stealing malware that collects PII (personally identifiable information) from its victims. So far, 190 infected apps have been discovered in the AppGallery targeting Russian, Chinese, and international language users that may also include English language speakers.


Fortunately for Huawei and their AppGallery, analysts from Dr. Web Anti-Virus discovered the gaming apps already had the Cynos.7 trojan variant built-in. This is what we call a “supply chain attack.” Dr. Web notified Huawei and the infected apps were removed from AppGalery. The analysts learned this trojan was designed to collect PII and information about the Android devices and also display ads. The infected apps also ask for permissions to make and manage phone calls among other things, allowing Cynos.7 to access potentially harmful data.


This is particularly unfortunate since many of the gaming apps target children, a highly vulnerable group of users. For example, a “Cat Adventures” gaming app targeting children had over 427,000 installs, quite possibly with a parent none-the-wiser.



Infected Gaming Apps, The Data They Steal, And How To Avoid Them


Dr. Web explains the lion’s share of infected games pretend to be “simulators, platformers, arcades, strategies, and shooters.” After a user gives permission, the trojan app steals data and sends it to a remote server. The data includes mobile phone number, device location, device technical specifications, network information, mobile country code and more.


According to research, the only way to remove the infected apps is manually. A look at how to help prevent downloading infected gaming apps is a valuable tool that should be part of every cyber-safety tool kit.


  • Never sideload apps from unofficial app stores. They often don’t scan apps for malware before making them available, and it’s always a risky proposition. Instead, stick with downloads from official app stores.

  • Do your homework and always read app reviews before downloading. Users post their experiences with apps, both good and bad and it can be a huge heads-up for malware-infected apps.

  • Pay strict attention while downloading an app. Pop-up windows asking for access to PII need to be read carefully before granting permissions. Parents need to be present when children download gaming apps so they can judge permission request, including many that may be inappropriate or dangerous to grant. Limit permissions to only those necessary for app performance, but never grant administrator rights.


Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at advisor@nadicent.com


3 views0 comments