Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

These spyware-riddled Android apps have been installed over 400 million times - here's how to stay safe

Google Android figure standing on laptop keyboard with code in background

Cybersecurity researchers have discovered a malicious SDK hiding in more than a hundred Android apps, many of which were previously available on the Google Play store. 

After being found by Dr. Web, the SDK was dubbed “SpinOK” - it’s an advertisement module that aims to keep people interested in the ads by offering minigames and daily rewards. 

Although working as intended on the surface, SpinOK was working in the background to exfiltrate sensitive data from the device it was installed on, exposing users to all kinds of risks, from identity theft, to wire fraud, and more.

Millions of downloads

"On the surface, the SpinOk module is designed to maintain users' interest in apps with the help of mini games, a system of tasks, and alleged prizes and reward drawings," the researchers noted. 

However, the apps also stole plenty of data. It first analyzes the endpoint’s sensors to make sure it’s not running in a sandbox, and then it connects to a remote server to download a list of URLs which are used to display the minigames. Then, it lists files in directories, looks for certain documents, and copies them to the remote server, meaning it can exfiltrate videos, images, and other sensitive data. 

Furthermore, the malware is capable of monitoring the clipboard, a method often used by threat actors to steal credit card data, passwords, and gain access to cryptocurrency wallets. 

In total, 101 apps had this SDK integrated, and cumulatively, they were downloaded more than 420 million times from Google Play, only. 

The two most popular compromised apps, according to the researchers are Noizz: video editor with music, and Zapya - File Transfer, Share, both of which had more than 100 million downloads. For the latter, the trojan module was found in versions 6.3.3 to 6.4, with version 6.4.1 being clean. 

Other notable mentions include MVBit - MV video status maker, and Biugo - video maker&video editor, with 50 million downloads each. 

Almost all of the apps have since been removed from the Play Store, the publication says, adding that the complete list of apps can be found here.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.