
SpinOk spyware found in over 100 Android apps with 421 million downloads

Malicious software, identified by Doctor Web, steals data and interacts with users through bogus games and prizes, endangering privacy


The antivirus company, Doctor Web, has detected spy software in more than 100 Android applications. These applications have amassed over 421 million downloads on Google Play. The malicious entity, dubbed 'SpinOk' by Doctor Web, comes in the form of a marketing SDK.

SpinOk hidden features and user interaction mechanisms

SpinOk is designed to harvest data from compromised devices, with capabilities ranging from stealing clipboard content to transmitting files to attackers. To keep users interested in the applications in which it is integrated, the module offers mini-games, activities and alleged prizes. Once launched, the module connects to its command and control (C&C) server and sends a wealth of information about the device, including sensor data that can be used to detect emulated environments. In response, the server provides numerous URLs, which are used to display banner ads via WebView.

Additional malicious features and risk to user privacy

In addition, SpinOk can compile a list of the files present in certain directories, check for the presence of specific files and directories, upload files from the device, and copy or replace the contents of the clipboard. "This allows the operators of the trojan module to obtain sensitive information and files from the user's device - for example, files accessible by apps that have embedded Android.Spy.SpinOk. To do so, attackers would need to insert the corresponding code into the HTML of the banner ad page," explains Doctor Web.

Identify and remove infected apps

SpinOk's malicious modifications have been detected in a total of 101 applications on Google Play. Google was notified and removed some of the apps. In some cases, only certain versions contained the malicious SDK. The most popular applications that contained the malicious module include Noizz (over 100 million installs), Zapya (over 100 million installs - the code was present in versions 6.3.3 up to 6.4), VFly (over 50 million downloads), MVBit (over 50 million installs), and Biugo (over 50 million downloads). Doctor Web has published a complete list of infected applications.


05/31/2023 11:49

Editorial AI
