The newly discovered Trojan “Android.Cynos.7.origin” targets Russian and Chinese gamers, and has infected over 9.3 million Android devices via mobile games.
Security researchers from Doctor Web have discovered a new Trojan that has infected over 9.3 million Android devices.
The Trojan, dubbed “Android.Cynos.7.origin,” is a new kind of malware that disguises itself as various mobile games on Huawei’s AppGallery marketplace.
Android.Cynos.7.origin steals information from a victim’s device, such as contact details, and displays unwanted ads. The researchers suspect that the Trojan is a modified version of the Cynos malware. The apps infected with Android.Cynos.7.origin ask users for permission to make and manage phone calls, allowing the Trojan to obtain more information such as location, mobile network parameters, and system metadata.
“The Android.Cynos.7.origin can be integrated into Android apps to monetize them. This platform has been known since at least 2014. Some of its versions have quite aggressive functionality: they send premium SMS, intercept incoming SMS, download and launch extra modules, and download and install other apps. The main functionality of the version discovered by our malware analysts is collecting the information about users and their devices and displaying ads,” the researchers at Doctor Web said.
When the user grants permission, Android.Cynos.7.origin collects and sends the following data to a remote server:
- User mobile phone number
- Device location based on GPS coordinates or the mobile network and Wi-Fi access point data (when the application has permission to access location)
- Various mobile network parameters, such as the network code and mobile country code; also, GSM cell ID and international GSM location area code (when the application has permission to access location)
- Various technical specs of the device
- Various parameters from the Trojanized app’s metadata
Android.Cynos.7.origin was found in 190 games, including simulators, platformers, arcades, strategies, and shooters. Some of these games target Russian-speaking users, while others target Chinese or international audiences.
“At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games’ main target audience. Even if the mobile phone number is registered to an adult, downloading a child’s game may highly likely indicate that the child is the one who is actually using the mobile phone. It is very doubtful that parents would want the above data about the phone to be transferred not only to unknown foreign servers but to anyone else in general,” the researchers added.