Sansec cybersecurity experts: The new parasitic malware, spread by CronRAT, hijacks a host Nginx application to mask its presence.
Dr.Web: At least 9,300,000 Android devices infected by malware. It's the 'Android.Cynos.7.origin' trojan, a modified version of Cynos, spread on Huawei's AppGallery. It collects sensitive user data
At least 9,300,000 Android device owners have installed malware-infected apps from Huawei's AppGallery, Dr.Web cybersecurity experts have discovered. The malware is a trojan, dubbed 'Android.Cynos.7.origin', a modified version of Cynos designed to collect sensitive user data. The apps ask users for permission to make and manage phone calls, which gives the trojan access to certain data. If the permission is granted, the malicious code collects the following information and sends it to a remote server:
- User mobile phone number;
- Device location based on GPS coordinates or the mobile network and Wi-Fi access point data (when the application has permission to access location);
- Various mobile network parameters, such as the network code and mobile country code; also, GSM cell ID and international GSM location area code (when the application has permission to access location);
- Various technical specs of the device;
- Various parameters from the trojanized app’s metadata.