Over 100 Android apps with more than 400 million downloads combined have been infected with a new malware strain called ‘SpinOk’. The malware was distributed as a software development kit (SDK) for advertisers. Security researchers at Dr. Web and Bleeping Computer discovered and reported the spyware module inside the affected apps.
SpinOk is considered spyware because it steals private data and sends it to a remote server controlled by hackers. App developers added the SpinOk module to their apps, using minigames to provide users with “daily rewards.” SpinOk checks sensor data on Android devices to determine if it’s running on an actual phone.
Malware attacks remain a common tool in the online world, as hackers exploit vulnerabilities to steal sensitive information or money. When malware gains access to devices, the severity of the attack increases dramatically. Dr. Web and Bleeping Computer discovered the spyware SpinOk in more than a hundred apps on the Google Play Store.
The infected apps have been downloaded a total of 400 million times. Some of the affected apps with high downloads include Noizz, Zapya, vFly, MVBit, Biugo, Crazy Drop, Cashzine, Fizzo Novel, CashEM, and Tick. Most vulnerable apps are now unavailable on the Play Store, but some may still be present. Users should delete these apps immediately or update them to the latest version. SpinOk cleverly poses as an advertising Software Development Kit (SDK) and deceives consumers with minigames and daily prizes. Unknowingly, many download the software, leading to the theft and transmission of personal information.
The SpinOk module aims to keep users engaged through minigames, task systems, and attractive rewards. The infected apps varied in severity, with some still containing active malicious software. The trojanized SDK connects to a remote server to download a list of websites that display minigames.
SpinOk performs malicious activities such as listing files, searching for specific files, and uploading files. It can exfiltrate private images, videos, and documents, as well as modify the clipboard to steal passwords and credit card data. It is unclear whether the publishers included the trojanized SDK intentionally or were tricked by a third party.
The large number of downloads makes many Android users vulnerable to these cyber dangers. Caution is madatory when downloading new apps, even from the Google Play Store. Checking an app’s rating and reading reviews can help, but be aware that ratings and reviews can be faked.
External reviews and video reviews provide additional insight before installing an app. Be cautious of apps that request unnecessary permissions. Consider installing an Android antivirus app for additional protection.
Google Play Protect comes pre-installed on Android phones and can scan existing and new apps for malware. Further investigations by Google and others will likely reveal more about SpinOk and its presence in popular Android apps. Stay informed and cautious to protect yourself from bad apps and malware threats.