Reading Time: 2 minutes

According to a report, around 9.3 million Andriod devices are affected by a new type of malware. This malware is said to be disguising itself in the form of various arcades, strategies, and shooter games on Huawei’s AppGallery marketplace.

The object of this malware has been to steal the victim’s information from their mobile device such as phone numbers.

Once the user has installed these malicious apps, they prompt the user for permission reading to manage the phone calls. Additionally, this method collects their phone numbers and gathers sensitive device information such as system metadata, network parameter, and geolocation data.

malware-collected-data

Image Source: Hacker News

The researchers working at Doctor Web discovered this malware. They classified this trojan to fit the description of “Android.Cynos.7.origin” and confirmed that it is a mutated version of the Cynos malware.

Out of the 190 malware-inducing games identified, few were made to only target Russian, Chinese or foreign users from around the world.

According to a statement issued by the Doctor Web researchers:

At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games’ main target audience. Even if the mobile phone number is registered to an adult, downloading a child’s game may highly likely indicate that the child is the one who actually uses the mobile phone. It is very doubtful that parents would want the above data about the phone to be transferred not only to unknown foreign servers but to anyone else in general.

Even though the applications infected with this malware are no longer available on the app stores, people who have already installed such apps will definitely need to delete them from their devices manually.

Here are the games that were installed the most number of times from the app store.

  • 快点躲起来 (Hurry up and hide) – 2,000,000 installations
  • Cat game room – 427,000 installations
  • Drive school simulator – 142,000 installations

Below you’ll find a screenshot showing the malicious applications asking for advanced permission from the users.

android-malware-permissions

Image Source: HackRead

While many security experts focus on Android malware that contains spyware-like behavior, in reality, most Android phone threats focus on collecting personal information about the user and frauds invoked by advertisements.

While this malware may not deceive users, it boosts up underground data trading, where users’ personal information is sold without their consent.

Here are a few tips for Android users to protect themselves from various malicious apps:

  1. Download mobile applications from authentic and trusted app stores only.
  2. The verified marks against the application would be enough to confirm its legitimacy.
  3. Keep the option ‘install from unknown sources’ disabled on your Android phone.
  4. Start using Android VPN  that offers malware trackers for scanning your phone for malicious content.
  5. Always exercise caution when granting permission to applications.