These spyware-riddled Android apps have been installed over 400 million times - here’s how to stay safe

More than 100 Android apps were found carrying a malicious SDK


Cybersecurity researchers have discovered a malicious SDK hiding in more than a hundred Android apps, many of which were previously available on the Google Play store.

After being found by Dr. Web, the SDK was dubbed “SpinOK” - it’s an advertisement module that aims to keep people interested in the ads by offering minigames and daily rewards.

Although it appeared to work as intended on the surface, SpinOK was working in the background to exfiltrate sensitive data from the device it was installed on, exposing users to all kinds of risks, from identity theft to wire fraud and more.

Millions of downloads

“On the surface, the SpinOk module is designed to maintain users' interest in apps with the help of mini games, a system of tasks, and alleged prizes and reward drawings,” the researchers noted.

However, the apps also stole plenty of data. The module first analyzes the endpoint’s sensors to make sure it’s not running in a sandbox, and then connects to a remote server to download a list of URLs which are used to display the minigames. Then, it lists files in directories, looks for certain documents, and copies them to the remote server, meaning it can exfiltrate videos, images, and other sensitive data.

Furthermore, the malware is capable of monitoring the clipboard, a method often used by threat actors to steal credit card data and passwords, and to gain access to cryptocurrency wallets.

In total, 101 apps had this SDK integrated, and cumulatively they were downloaded more than 420 million times from Google Play alone.


The two most popular compromised apps, according to the researchers, are Noizz: video editor with music, and Zapya - File Transfer, Share, both of which had more than 100 million downloads. For the latter, the trojan module was found in versions 6.3.3 to 6.4, with version 6.4.1 being clean.

Other notable mentions include MVBit - MV video status maker, and Biugo - video maker&video editor, with 50 million downloads each.

Almost all of the apps have since been removed from the Play Store, the publication says, adding that the complete list of apps can be found here.
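For anyone checking a fleet of managed devices against the apps named above, the following is an added example, not code from Dr. Web or from this article's sources. It assumes an app inventory exported as (app label, version name) pairs; the sample rows are constructed, and only the Zapya version range is taken from the article.

```python
import re

# App labels and the Zapya range come from the article; the other apps are
# named there without version details, so they carry no range (None).
FLAGGED_APPS = {
    "Zapya - File Transfer, Share": ("6.3.3", "6.4"),  # 6.4.1 reported clean
    "Noizz: video editor with music": None,
    "MVBit - MV video status maker": None,
    "Biugo - video maker&video editor": None,
}

def parse_version(text):
    """Return the leading dotted-number part as a tuple, or None if absent."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def in_range(version, low, high):
    """Inclusive numeric comparison; '6.4' and '6.4.0' compare equal."""
    width = max(len(version), len(low), len(high))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(low) <= pad(version) <= pad(high)

def triage(inventory):
    """Label each (app, versionName) pair: affected, review, clear or unlisted."""
    results = []
    for app, version_name in inventory:
        if app not in FLAGGED_APPS:
            verdict = "unlisted"  # not one of the four apps named in the article
        else:
            bounds = FLAGGED_APPS[app]
            version = parse_version(version_name)
            if bounds is None or version is None:
                verdict = "review"  # no range published, or unparseable version
            elif in_range(version, *map(parse_version, bounds)):
                verdict = "affected"
            else:
                verdict = "clear"
        results.append((app, version_name, verdict))
    return results

# Constructed sample inventory, standing in for a device-management export.
SAMPLE = [
    ("Zapya - File Transfer, Share", "6.3.10"),  # string compare would miss this
    ("Zapya - File Transfer, Share", "6.4.1"),
    ("Noizz: video editor with music", "5.2.0"),
    ("Example Notes", "1.0"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

An "unlisted" verdict only means the app is not one of the four named here; the full list of 101 apps would need to be added to the table before relying on it.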

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
