A new malware has been detected that has infected more than 100 apps on Google Play Store. Security researchers at Dr. Web (via BleepingComputer), these apps have a collective downloads of more than 400 million.
The malware is distributed as an advertisement SDK. Researchers say that the spyware is called ‘SpinOk’ and demonstrates a seemingly legitimate behavior, using minigames that lead to ‘daily rewards’ to spark user interest. However, it ends up stealing private data stored on users’ devices and sending it to a remote server.
“On the surface, the SpinOk module is designed to maintain users’ interest in apps with the help of mini games, a system of tasks, and alleged prizes and reward drawings,” explains Doctor Web’s report.
Dr. Web claims this SDK was found in 101 apps on Google Play Store. Here are the most downloaded apps from the list:
Noizz: video editor with music (100,000,000 downloads)
Zapya – File Transfer, Share (100,000,000 downloads)
VFly: video editor&video maker (50,000,000 downloads)
MVBit – MV video status maker (50,000,000 downloads)
Biugo – video maker&video editor (50,000,000 downloads)
Crazy Drop (10,000,000 downloads)
Cashzine – Earn money reward (10,000,000 downloads)
Fizzo Novel – Reading Offline (10,000,000 downloads)
CashEM: Get Rewards (5,000,000 downloads)
Tick: watch to earn (5,000,000 downloads)
As per the report, all but one of the above apps have been removed from Google Play, indicating that Google received reports about the malicious SDK and removed the offending apps until the developers submitted a clean version.
If you use any of the apps listed above, you should uninstall the app if it is not available on Play Store. However, if it is still available on the app store, it is advisable to update to the latest version.
Download The Mint News App to get Daily Market Updates & Live Business News.
Updated: 31 May 2023, 05:39 PM IST