A new Android malware named ‘SpinOk’ has been discovered in multiple apps, previously available on Google Play and collectively downloaded over 400 million times.
Security researchers at Dr. Web identified the spyware module, warning that it can steal private data from users’ devices and transmit it to a remote server. The malware, disguised as an advertisement SDK, presents itself with seemingly legitimate behavior, utilizing enticing minigames and daily rewards to engage users while conducting malicious activities in the background.
The trojan SDK employed by SpinOk checks the sensor data of Android devices to confirm that it’s not running in a sandboxed environment typically used for analyzing potentially harmful apps.
Once connected to a remote server, the malware downloads a list of URLs to display expected minigames. While users interact with the displayed minigames, the SDK secretly performs additional malicious functions, such as accessing directories, searching for specific files, uploading files from the device, and manipulating clipboard contents.
Dr. Web discovered that the SpinOk SDK was present in 101 apps, collectively downloaded more than 421 million times from Google Play. However, all but one of the listed apps have been removed from the official app store, indicating that Google took action upon receiving reports about the malicious SDK.
It remains unclear whether the app publishers were deceived by the SDK’s distributor or knowingly included the malware in their code. To mitigate the risk, users are advised to update the affected apps to their latest clean versions available on Google Play.
In cases where the apps are no longer available on the official store, immediate uninstallation is recommended, followed by a thorough device scan using a reliable mobile antivirus tool.
The complete list of apps reportedly utilizing the SpinOk SDK can be found on Dr. Web’s website, emphasizing the need for users to remain vigilant and take appropriate measures to safeguard their devices and data.
