Android users at Risk: Dangerous Spyware Detected in Over 100 Apps on Google Play

Android users at Risk: A software module for Android that is disguised as a minigame is actually spyware that accumulates information on files stored on mobile phones and is capable of transferring it to cyber criminals. In addition, malware analysts discovered that the spyware was embedded in 101 applications with more than 420 million downloads, according to Dr Web.

Dubbed Android.Spy.This spyware, SpinOk, is disseminated as a software development kit (SDK) for marketing. According to a report by Dr Web, developers can embed it into a variety of apps and games, including those available on Google Play.

How to send Fake Location on WhatsApp? Steps for iPhone and Android

Android Users at Risk: Dangerous Spyware Detected

The report stated, “On the surface, the SpinOk module is intended to maintain users’ interest in apps through the use of minigames, a system of tasks, and purported prizes and reward drawings.” “Upon initialization, this trojan SDK connects to a C&C server and sends a request containing a great deal of technical information about the infected device”

Additionally, the spyware modifies its operating routine to avoid detection by security researchers.

“For the same reason, it disregards device proxy settings, thereby concealing network connections during analysis. According to the report, “in response, the module receives a list of URLs from the server, which it then opens in WebView in order to display advertising banners.”

This allows cybercriminals to obtain a list of the phone’s files, authenticate the presence of a specified file or directory on the device, and even copy or replace the contents of the clipboard. Doctor Web specialists discovered this spyware module and several variants of it in a number of Google Play applications.

“Our malware analysts detected it in 101 apps with a cumulative download count of at least 421,290,300. Therefore, hundreds of millions of Android device proprietors are susceptible to cyber espionage. “Doctor Web informed Google of the identified threat,” the company stated.