On the surface, the SpinOk module is designed to maintain users’ interest in apps with the help of mini-games, a system of tasks, and alleged prizes and reward drawings, the report said. But on clicking on it…
An Android software module, designed as a mini-game, is actually spyware that collects information on files stored on mobile phones and is capable of transferring them to cyber criminals. What’s more, malware analysts have found that the spyware was embedded in 101 apps that had more than 420 million downloads, antivirus company Dr Web reported.
Dubbed Android.Spy.SpinOk, this spyware is distributed as a marketing software development kit (SDK). Developers can embed it into all sorts of apps and games, including those available on Google Play, a report from Dr Web stated.
“On the surface, the SpinOk module is designed to maintain users’ interest in apps with the help of mini-games, a system of tasks, and alleged prizes and reward drawings,” the report said. “Upon initialisation, this trojan SDK connects to a C&C server by sending a request containing a large amount of technical information about the infected device.”
The spyware also measures to adjust its operating routine to avoid being detected by security researchers.
“For the same purpose, it ignores device proxy settings, which allows it to hide network connections during analysis. In response, the module receives a list of URLs from the server, which it then opens in WebView to display advertising banners,” the report stated.
With this, the spyware enables cyber criminals to obtain the list of files on the phone, verify the presence of a specified file or a directory on the device, and even copy or substitute the clipboard contents. Doctor Web specialists found this spyware module and several modifications of it in a number of apps distributed via Google Play.
“Our malware analysts discovered it in 101 apps with at least 421,290,300 cumulative downloads. Thus, hundreds of millions of Android device owners are at risk of becoming victims of cyber espionage. Doctor Web notified Google about the uncovered threat,” the company stated.
It also shared the names of the 10 most popular programs found to carry the Android.Spy.SpinOk trojan SDK:
1.) Noizz: video editor with music (at least 100,000,000 installations)
2.) Zapya – File Transfer, Share (at least 100,000,000 installations; the trojan module was present in version 6.3.3 to version 6.4 and is no longer present in current version 6.4.1)
3.) Tick: watch to earn (at least 5,000,000 installations).
4.) VFly: video editor&video maker (at least 50,000,000 installations)
5.) MVBit – MV video status maker (at least 50,000,000 installations)
6.) Biugo – video maker&video editor (at least 50,000,000 installations)
7.) Crazy Drop (at least 10,000,000 installations)
8.) Cashzine – Earn money reward (at least 10,000,000 installations)
9.) Fizzo Novel – Reading Offline (at least 10,000,000 installations)
10.) CashEM: Get Rewards (at least 5,000,000 installations)
The full list of apps is available here.
Read more: Israeli spyware used to hack across 10 countries, Microsoft and watchdog say
