More than 9 million Huawei users have been infected with malware.The latter stole their data through games, however downloaded on the official platform of the manufacturer.The case recalls that it is necessary to monitor the authorizations given to our applications.

Downloading an application on an official store is an act that seems harmless.Yet more than 9 million Android users have been infected with malware through simple games downloaded from the Huawei application store, Appgallery.An attack, however, was possible to avoid by monitoring authorizations given to applications.

Data stolen by malware through games

This is a report by Dr.web analysts who revealed the case on November 23, 2021. 9.3 million users were contaminated by a computer horse, named Cynos, a malware that has already existed for several years.The fault affects users of certain applications of the Huawei store.Users who no longer have PlayStore, since the breakdown of collaborations between the Chinese company and Google in spring 2019.

Through games like "Cat Game Room" or "Drive School Simulator", Cynos collects and transmits to third parties a stolen data cocktail: telephone number, location, geographic data, device characteristics and a set of dataidentification of your phone.So many data that can be used by hackers or crooked advertisers to target victims, especially with personalized phishing campaigns.

Following Dr.web's notification, the applications concerned were deleted from the Huawei store.But this case is not an isolated phenomenon.Many applications, from video games to weather service, use the same kind of process to collect your data.And this risk is not specific to Huawei's services.Users of Google Play services, and to a lesser extent that of Apple (the Apple Store application submission process is more strict) are also affected by this kind of wild data capture.

Watch out for authorizations given to applications

One way to reduce risks is to remain vigilant to the authorizations you grant to applications, even if they are downloaded from official stores.During the first launch of a new application, the latter will request a series of authorizations to operate.

It is logical that a messaging application like WhatsApp requires access to your microphone and your camera for video calls.But why, for example, a video game or a stopwatch would require access to your call history?In the case of Huawei devices infected with Cynos, applications could only steal data if the authorizations were given by the user.

It is possible to revoke the authorizations given to an application at any time // Source: Capture Cyberguerre screen

On a daily basis, it is also possible to monitor which authorizations are given to your different applications from your phone settings.And to revoke them if necessary, even if certain applications condition their operation to these access to your data.