Multiple apps have recently been found to contain a new Android malware, which was distributed disguised as an advertisement SDK. These apps have collective downloads of over 400 million times, The malware can be used to access private data stored on the device and send it to remote servers.
Security researchers at Dr. Web discovered this spyware module and called it ‘SpinOK.’ The report claims that SpinkOk demonstrates legitimate behavior and maintains users’ interest in apps with the help of mini-games. In the background, it checks the Android device’s sensor data to find if the app is not running in an emulator environment. Then it connects to a remote server to download a list of URLs to display minigames.
This malicious SDK also adds the following features to the app:
- Obtain the list of files in specified directories,
- Verify the presence of a specified file or a directory on the device,
- Obtain a file from the device, and
- Copy or substitute the clipboard contents.
Researchers found this malicious SDK in 101 apps. Here’s a list of apps with the most downloads.
- Noizz: video editor with music (100,000,000 downloads)
- Zapya – File Transfer, Share (100,000,000 downloads; Dr. Web says the trojan module was present in version 6.3.3 to version 6.4 and is no longer present in current version 6.4.1)
- VFly: video editor&video maker (50,000,000 downloads)
- MVBit – MV video status maker (50,000,000 downloads)
- Biugo – video maker&video editor (50,000,000 downloads)
- Crazy Drop (10,000,000 downloads)
- Cashzine – Earn money reward (10,000,000 downloads)
- Fizzo Novel – Reading Offline (10,000,000 downloads)
- CashEM: Get Rewards (5,000,000 downloads)
- Tick: watch to earn (5,000,000 downloads)
If you want to check the list of all apps infected by this malicious SDK, check this link.
If you use any of these apps, check if the update is available. If an update for the app is available, it should be clean. In case the app is now on App Store, it is recommended to uninstall it immediately. I will also recommend users install a good Android antivirus to scan their smartphones.
