Cynos Android Malware Hosted on the Huawei AppGallery
The Cynos Android Malware is a malicious implant, which is being spread through the use of fake app packages hosted on various services and sites. It appears that this particular iteration of the implant is relying on the Huawei AppGallery for propagation. The latter is Huawei's version of the Google Play Store, and it appears to be a great target for cybercriminals. Allegedly, the Cynos Android Malware was downloaded onto millions of devices before the fraudulent packages were finally removed from the Huawei AppGallery. Keep in mind that the implants are still active, and users need to remove them from their Android devices in order to fix the issue permanently.
What Does the Cynos Android Malware Pose As?
This campaign of the Cynos Android Malware appears to disguise the payload as interesting games that belong to various genres. The criminals have also published games in different languages to attract more users – Russian, English, and Chinese. Keep in mind that users did download a working product, so they probably have not noticed anything out of the ordinary. One of the most popular Cynos Android Malware packages accumulated over 2,000,000 downloads. Over 190 malicious apps were identified in this campaign.
Once running, the implant can collect data about the victim's hardware and software. It can also view their mobile number, grab GPS data, and contacts. The dangerous tasks it can execute include sending SMS, running additional apps, and downloading files from the Internet.
Secure your Android device against the malware attacks by using an up-to-date antivirus app at all times.