fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Over Nine Million Android Devices Infected by Info-stealing Trojan

Over Nine Million Android Devices Infected by Info-stealing Trojan

A large-scale malware campaign on Huawei’s AppGallery has led to approximately 9,300,000 installs of Android trojans masquerading as over 190 different apps. 

The trojan is detected by Dr.Web as ‘Android.Cynos.7.origin’ and is a modified version of the Cynos malware designed to collect sensitive user data.

The discovery and report come from researchers at Dr. Web AV, who notified Huawei and helped them remove the identified apps from their store.

However, those who installed the apps on their devices will still have to remove them from their Android devices manually.

Also Read: What Is Data Sovereignty and How Does It Apply To Your Business?

Trojan disguised as game apps

The threat actors hid their malware in Android apps pretending to be simulators, platformers, arcades, RTS strategy, and shooting games for Russian-speaking, Chinese, or international (English) users.

As they all offered the advertised functionality, users were unlikely to remove them if they enjoyed the game.

The list of the Cynos malware apps is too extensive to share here, but some notable examples that stand out due to having a large number of installations are listed below:

  • 快点躲起来 (Hurry up and hide) – 2,000,000
  • Cat adventures – 427,000
  • Drive school simulator – 142,000
One of the trojanized apps
One of the trojanized apps.
Source: Dr. Web

Since it’s impractical to compare your list of installed apps to the full list of 190 malicious apps, the more straightforward solution would be to run an AV tool that can detect Cynos trojans and their variants.

Powerful malware

The functionality of this Cynos trojan variant can perform various malicious activities, including spying on SMS texts and downloading and installing other payloads.

“The Android.Cynos.7.origin is one of the modifications of the Cynos program module. This module can be integrated into Android apps to monetize them. This platform has been known since at least 2014,” explained Doctor Web malware analysts in their report.

“Some of its versions have quite aggressive functionality: they send premium SMS, intercept incoming SMS, download and launch extra modules, and download and install other apps.”

“The main functionality of the version discovered by our malware analysts is collecting the information about users and their devices and displaying ads.”

The aggressive nature of the trojan becomes apparent right from the installation phase when it asks for permission to perform activities that are not generally associated with a game, such as making phone calls or detecting users’ locations.

Also Read: What a Vulnerability Assessment Shows and How It Can Save You Money

Risky permission request from a laced game
Risky permission request from a laced game
Source: Dr. Web

If the user grants the permission requests, the malware can exfiltrate the following data to a remote server:

  • User mobile phone number
  • Device location based on GPS coordinates or the mobile network and Wi-Fi access point data
  • Various mobile network parameters, such as the network code and mobile country code; also, GSM cell ID and international GSM location area code
  • Various technical specs of the device
  • Various parameters from the trojanized app’s metadata

In addition to the above, Cynos trojans can potentially download and install extra modules or apps, send premium service SMS, and intercept incoming SMS.

As such, these apps can lead to unexpected charges from subscribing to premium services, and they can also drop even stealthier spyware payloads.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us