SpinOk spyware spread to over 400 million Android devices

June 7, 2023

Researchers discovered that the recently identified SpinOk spyware has been residing within various applications available on Google Play, resulting in the infection of more than 400 million Android devices. Based on reports, the malware could steal sensitive user data from compromised devices and exfiltrate it to an attacker-controlled server.

The spyware adopts a clever tactic: it presents itself as a harmless ad SDK and baits users with games that promise daily rewards. However, the trojan SDK checks the Android device's gyroscope and magnetometer to ensure that it is not operating within a controlled environment, since most researchers use such environments to analyse apps that could threaten users.

Moreover, the SDK has hidden capabilities, such as listing files within directories, searching for specific archives, uploading files from the device, and manipulating the clipboard's contents by duplicating or substituting them. All of these capabilities remain functional while the app offers seemingly harmless mini-games.

Further, the clipboard-manipulation code allows the operators of the SDK to harvest account passwords and credit card information, or even to redirect crypto payments to their own cryptocurrency wallet addresses.

The malware operators attached the SpinOk spyware to utility applications that garnered millions of installs.

According to recent investigations, at least 101 applications carry the SpinOk spyware. The infected apps span a range of utility applications that most Android users need.

The confirmed applications carrying the malware are Noizz, Zapya, VFly, MVBit, Biugo, Crazy Drop, and Cashzine.

These applications offer various utility products, such as video editors, video editors with music, MV video status makers, money rewards apps, file transfer tools, and more. Each of these applications has millions of downloads, potentially impacting millions of Android devices worldwide.

It is still unclear how far the publishers of the trojanised applications were involved in including the SpinOk SDK in their code. The distributor may have fooled the publishers, or the malware may have been included intentionally. Experts claimed these infections could happen through a third-party supply-chain attack.

Users who downloaded the earlier-mentioned applications should uninstall them promptly.
