Spyware Found in 101 Android Applications on Google Play with Over 420 Million Downloads
Antivirus company Doctor Web has identified spyware in more than 100 Android applications that had over 421 million cumulative downloads in Google Play. The company discovered a malicious module in these apps, which is distributed as a marketing software development kit (SDK), named ‘SpinOk’. Upon execution, the malware SDK connects to the command-and-control server and sends device information such as data from sensors, allowing it to detect emulator environments. The server response contains URLs used to display advertising banners via WebView, and the module can collect a list of files in specified directories, check for the presence of specific files and directories, upload files from the victim’s device, and copy or substitute clipboard content.
Distribution of SpinOk via Marketing SDK
The malicious SpinOk module offers mini-games, tasks, and prizes to users. In some apps with Android.Spy.SpinOk built into them, the module’s operators can also obtain confidential information and files from the user’s device. To obtain some of this sensitive data, the attackers would need to add the corresponding code to the HTML page of the advertisement banner. Doctor Web has published the full list of infected apps and notified Google, and multiple apps have been removed.
Analysis of Target Apps
Some of the most popular applications containing the malicious SpinOk module include Noizz, with over 100 million installations; Zapya, with over 100 million installations (although the code was present in versions 6.3.3 to 6.4 only); VFly, with more than 50 million downloads; and MVBit and Biugo, with more than 50 million downloads each. Not every version of every infected app contained the malicious SDK, but the security researchers have identified the specific apps and versions that did, in order to provide an accurate list of problematic apps.
Implications of the Malware and Improving Internet Security
The discovery of the SpinOk module has far-reaching implications, not just for these infected apps’ users but also for those concerned about device and application security. It highlights the challenges of ensuring that mobile applications offered on Google Play and other mobile platforms are free from spyware, malware, and other malicious software. As much of our lives are managed through mobile devices, the importance of cyber resilience and internet security has never been more apparent.
Editorial and Advice
This latest report underscores the need for mobile users to be vigilant. Users must update their applications to the latest version and ensure automatic updates are enabled. They should also remain aware of what permissions downloaded apps request and what information they can access. It is also crucial to avoid third-party application stores, as they do not frequently vet or scan apps for malware. Furthermore, using antivirus software on mobile devices is highly recommended to detect and remove any threats found. Lastly, individuals and organizations should regularly update their internet security protocols, especially when insiders have devices with access to sensitive data. While mobile app markets may struggle to keep malicious apps off their platforms, individuals and organizations must do their best to minimize the risk of downloading and installing them.