Over 400 million Android users are at risk as dangerous malware has infected over 100 apps on Google Play Store. The trojan malware, dubbed SpinOK, is disguised as an advertising software development kit (SDK) and appears legitimate, using mini-games and daily rewards to keep users engaged. However, once installed, it can steal personal data from leading smartphone models and send it to a remote server controlled by hackers.
In partnership with BleepingComputer, researchers at Dr. Web have flagged a new hazardous malware that has infected more than 100 Android applications available for download on the Google Play Store. Dubbed ‘SpinOK’ by security experts, the trojan is disguised as an advertising SDK that appears harmless and offers app developers the option to add various features, such as mini-games and tasks that reward users with prizes. Unfortunately, this SDK also can steal personal information from leading Android devices, including file exfiltration and clipboard modification functionality. This allows hackers to steal private images, videos, and documents, as well as to intercept cryptocurrency payments and redirect them to their crypto wallets.
What makes the situation more concerning is that these apps have been downloaded 421,290,300 times, putting many Android users at risk of cyber threats. The good news is that, after reporting the problem to Google, most of these infected apps have now been removed from the store. However, users are still advised to check for updates on the affected apps and scan their devices with a trusted antivirus solution to prevent a potential infection.
A similar threat, dubbed Goldoson by cybersecurity firm McAfee, has infected 60 apps with over 100 million downloads from the official Google Play Store. This rogue component is embedded in a third-party library used by the affected apps. It has been found to collect information on the user’s installed apps, Wi-Fi and Bluetooth-connected devices, and GPS locations. It can also click ads in the background without the user’s knowledge, a technique known as ad fraud.
Following responsible disclosure to Google, all of these affected apps have now been removed from the store, and users are advised to avoid downloading any apps from the Play Store that have not been updated for some time. In addition, users are also urged to use only trustworthy antivirus solutions on their smartphones and to update the Android operating system with its latest security patches to reduce the chances of infection by malware like these.
While Android is an excellent platform for mobile computing, it remains a target of cyber criminals who seek new ways to exploit and take advantage of the millions of devices out there. Fortunately, most of these malware attacks target desktop computers, but this doesn’t mean that Android users should be complacent or assume that their device is safe from such threats.
