This Play Store malware was downloaded over 420 million times

The malicious SDK has spying and information collection capabilities

New Android spyware that has been downloaded over 420 million times has been discovered in the Play Store.

The spyware, dubbed SpinOK by cybersecurity researchers Doctor Web (via Bleeping Computer), collects data from your device and sends it to remote servers. It also displays ads and manipulates your clipboard.

As shared by Doctor Web, SpinOK is a malicious SDK (software development kit) that developers can use to add mini-games, tasks and prizes to their apps. These features are meant to “spark user interest” and keep users in the app while the SDK collects information through the back door.

The malicious SDK’s spying and information collection capabilities include:

  • Sending information about your device, such as its model, OS version, screen size, battery level, etc., to remote servers.
  • Using your gyroscope and magnetometer sensors to detect if you are using a real device or a virtual one. This is done to evade security analysis and detection.
  • Displaying ads on your screen.
  • Scanning your device for files and directories and sending their names and locations to the remote server.
  • Stealing specific files from your device if instructed by the server.
  • Copying or replacing the contents of your clipboard with malicious data.

Doctor Web has identified 101 apps on the Play Store that contain the SpinOK module. These apps have been downloaded more than 420 million times in total, posing a huge security risk for Android users worldwide.

The most popular apps among them are:

  • Noizz: video editor with music – At least 100 million downloads
  • Zapya – File Transfer, Share – At least 100 million downloads
  • VFly: video editor&video maker – At least 50 million downloads
  • MVBit – MV video status maker – At least 50 million downloads
  • Biugo – video maker&video editor – At least 50 million downloads
  • Crazy Drop – At least 10 million downloads
  • Cashzine – Earn money reward – At least 10 million downloads
  • Fizzo Novel – Reading Offline – At least 10 million downloads
  • CashEM: Get Rewards – At least 5 million downloads
  • Tick: watch to earn – At least 5 million downloads

A full list of infected apps can be found here.

Bleeping Computer suggests that Google has removed most of these apps from the Play Store, except for Zapya, which has been updated to remove the SpinOK module. However, if you have already installed any of these apps on your device, you should take action immediately.

You should uninstall the app from your device, even if it has been removed from the Play Store, and then run an antivirus scan on your device to make sure there are no traces of malware left.

Source: Doctor Web Via: Bleeping Computer