More Than 190 Malicious Apps Infecting Millions Are Found On Huawei's AppGallery


When using mobile devices, be careful. Be very careful.

Modern mobile devices are smart devices that can stay connected to the internet 24/7. Because of that, installed apps can send data behind people's backs, without their knowledge, to who knows where.

Most concerning is when those apps are made by bad actors and designed with malicious intent.

And this time, at least 9.3 million Android devices have been infected by a class of malware that disguises itself as arcade, shooter, and strategy games.

Spread on Huawei's AppGallery marketplace, the mobile campaign was discovered by researchers from Doctor Web, who classified the trojan as "Android.Cynos.7.origin," owing to the fact that the malware is a modified version of the Cynos malware.

According to the report:

"This trojan is designed to collect users’ mobile phone numbers. At least 9.300.000 Android device owners have installed these dangerous games."

Of the total 190+ rogue games the researchers identified, some were designed to target Russian-speaking users, while others were aimed at Chinese or international audiences.

Once installed, the apps will ask for permission to make and manage phone calls.

When this is granted, the apps can freely harvest victims' phone numbers along with other device information such as geolocation, mobile network and Wi-Fi access point data, mobile network parameters, technical specs of the device, and system metadata.

"At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games' main target audience," Doctor Web researchers said.

"Even if the mobile phone number is registered to an adult, downloading a child's game may highly likely indicate that the child is the one who is actually using the mobile phone. It is very doubtful that parents would want the above data about the phone to be transferred not only to unknown foreign servers, but to anyone else in general."

It can go beyond that, because the Cynos trojan variant can also perform various malicious activities, including installing extra modules or apps, sending premium service SMS, and intercepting incoming SMS.

As such, these apps can also drop even stealthier spyware payloads, and can also lead to unexpected charges from subscribing to premium services.
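The permission prompt and the capabilities described above can be checked for before an app is installed. The following is an added example, not code from Doctor Web's report or from this article: it audits a decoded AndroidManifest.xml for permissions that enable those behaviours. The mapping from behaviours to Android permissions, the sample manifest and the package name are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Assumed mapping: behaviours the article lists -> Android permissions that enable them.
BEHAVIOURS = {
    "phone number / call management": {"READ_PHONE_STATE", "READ_PHONE_NUMBERS", "CALL_PHONE"},
    "geolocation": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "Wi-Fi access point data": {"ACCESS_WIFI_STATE"},
    "send SMS": {"SEND_SMS"},
    "intercept incoming SMS": {"RECEIVE_SMS", "READ_SMS"},
    "install extra apps": {"REQUEST_INSTALL_PACKAGES"},
}

def requested_permissions(manifest_xml):
    """Return the platform permissions declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith(PREFIX):
                perms.add(name[len(PREFIX):])
    return perms

def audit(manifest_xml):
    """Group declared permissions by behaviour; flag telephony or SMS access for review."""
    perms = requested_permissions(manifest_xml)
    hits = {b: sorted(perms & wanted) for b, wanted in BEHAVIOURS.items() if perms & wanted}
    sensitive = {"phone number / call management", "send SMS", "intercept incoming SMS"}
    return {"hits": hits, "review": bool(hits.keys() & sensitive)}

# Constructed sample: a racing game that declares far more than a game needs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.racing">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
</manifest>"""

if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST)
    for behaviour, perms in report["hits"].items():
        print(f"{behaviour}: {', '.join(perms)}")
    print("needs review:", report["review"])
```

A flagged manifest is a prompt for manual review rather than a verdict, since legitimate apps also declare some of these permissions.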

"The Android.Cynos.7.origin is one of the modifications of the Cynos program module. This module can be integrated into Android apps to monetize them. This platform has been known since at least 2014," explained Doctor Web.

"The main functionality of the version discovered by our malware analysts is collecting the information about users and their devices and displaying ads."

Figure: City Luxury Car Racing, a game laced with the malware, asks for an invasive permission. (Credit: Doctor Web)

Following Doctor Web's report, the 190+ malware-laced apps were removed from the app store.

However, users who have installed the apps on their devices should manually remove them to prevent further exploitation.

This is where things become more concerning: the apps offered the advertised functionality.

This led to the high number of downloads in the first place.

Because of this, people who have downloaded them were unlikely to remove them if they enjoyed the game.

Published: 27/11/2021