Over 9 million Huawei users have been infected with malware. The latter stole their data through games, yet downloaded on the manufacturer’s official platform. The case reminds us that it is necessary to monitor the authorizations given to our applications.
It seems harmless to download an app from an official store. And yet, over 9 million Android users have been infected with malware through simple games downloaded from Huawei’s app store, the AppGallery. An attack that it was however possible to avoid by monitoring the permissions given to applications.
Data stolen by malware through games
This is a report from analysts at Dr.Web that revealed the case on November 23, 2021. 9.3 million users have been infected with a computer Trojan horse, named Cynos, malware that has been around for several years. The flaw affects users of certain apps in Huawei’s store. Users who no longer have PlayStore, since the breakdown of collaborations between the Chinese company and Google in spring 2019.
Through games such as “” or “”, Cynos collects and transmits a cocktail of stolen data to third parties: phone number, location, geographic data, device characteristics and a set of data identifying your phone. . This data can be used by hackers or crooked advertisers to target victims, especially with personalized phishing campaigns.
As a result of Dr.Web’s notification, the affected apps have been removed from Huawei’s store. But this case is not an isolated phenomenon. Many applications, from video games to weather services, use the same kind of process to collect your data. And this risk is not unique to Huawei services. Users of Google Play services, and to a lesser extent those ofApple (the application submission process of theApple Store is stricter) are also affected by this kind of wild data capture.
Pay attention to the permissions given to applications
One way to reduce the risk is to remain vigilant about the permissions you grant to apps, even if they are downloaded from official stores. When launching a new application for the first time, it will ask for a series of authorizations to operate.
It makes sense that a messaging app like WhatsApp would ask for access to your mic and camera for video calls. But why, for example, would a video game or a stopwatch ask for access to your call history? In the case of Huawei devices infected with Cynos, apps could only steal data if the permissions were given by the user.
On a daily basis, it is also possible to monitor what permissions are given to your various applications from your phone settings. And to revoke them if necessary, even if certain applications condition their operation on this access to your data.
CyberGhost, Cyberwarre’s exclusive advertiser, is a premium VPN provider at affordable prices. It has thousands of secure servers spread across the world, allowing it to relocate its IP address and bypass geoblocks. CyberGhost does not keep any record of user activity. Its VPN application is available on all operating systems and connected devices and is the easiest to access on the market. Learn more about CyberGhost’s VPN solution