Google's App Store - Full Of Spyware

Uploaded on 2023-06-14 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A significant number of Android Apps have been discovered to contain a potentially dangerous software development kit that is being used as spyware. The antivirus company Dr. Web has discovered spyware in over 100 Android applications with over 421 million downloads in Google Play.

They found malicious Software Development Kit (SDK) is hiding in more than a hundred Android Apps, many of which were previously available on the Google Play store. The SpinOK module offers mini games, and apparent prizes to gain users’ interest in downloading.

This module scrapes data from files on your device and sends that information back to bad actors, which is the antithesis of the privacy policy you want from the apps on your smartphone. Dr. Web has named it SpinOk which,  when downloaded to a device, can collect information about files, can send files to the attackers, and can steal clipboard content.

SpinOK also bypasses your device’s proxy settings, which enables it to hide its network connections. It can then serve you ads thanks to the connection to its remote server, which kicks off the scraping of your device’s data, including listing the files on your device, the location of a specific file or directory, stealing a specific file, and even copying or replacing the contents of your clipboard.

SDK connects to the command-and-control server and sends a trove of device information, including data from sensors, which allows it to detect emulator environments. The server response contains numerous URLs used to display advertising banners via WebView.

Additionally, the module can collect a list of files in specified directories, check for the presence of specific files and directories, upload files from the device, and copy or substitute clipboard content. “This allows the trojan module’s operators to obtain confidential information and files from a user’s device, for example, files that can be accessed by Apps with Android.Spy.SpinOk built into them... For this, the attackers would need to add the corresponding code into the HTML page of the advertisement banner,” Dr. Web explains.

Google has been notified and has removed some of the apps. In some cases, only certain versions contained the malicious SDK.

So far, the malicious module and various modifications have been identified in a total of 101 applications in Google Play and some of the most popular applications containing the malicious module include Noizz (over 100 million installations), Zapya (over 100 million installations the code was present in versions 6.3.3 to 6.4), VFly (over 50 million downloads), MVBit (more than 50 million installations), and Biugo (over 50 million downloads). Doctor Web has published a list of infected applications.

Protect Your Smartphone From SpinOK

It looks Google has responded to threat and has removed a majority of these Apps from the Play Store, with the notable exception of Zapya, which since the introduction of version 6.4.1 no longer contains the malicious SpinOK module.

However, while users can no longer download the module, that does not help users who have already installed it on their device. That’s why it’s important to look through the official list and see if you have any of those Apps on your device. If so, delete it immediately.

If you have Zapya on your device, update it now. Google removing an app from the Play Store won’t affect any Apps you have on your phone and users are advised to un-install it themselves.

Dr. Web:   GitHub:    Techradar:     LifeHacker:     Security Week:   GHacks:    SCMagazine

You Might Also Read:

Mobile Cyber Attacks: The Different Facets Of Smartphone Malware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 


 

« Cyber Security & The Financial Services Industry
Year in Review: Biggest Application Security Breaches Of 2022 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Fastpath Solutions

Fastpath Solutions

Fastpath deliver software solutions that enable you to take control of your security, compliance and risk management initiatives.

CERT-UA

CERT-UA

CERT-UA is the national Computer Emergency Response Team for Ukraine.

CyberOne

CyberOne

CyberOne (formerly Comtact) offer a full stack cybersecurity service to ensure our customers understand the cyber maturity of their organisation.

Awen Collective

Awen Collective

Awen Collective develops software-based tools for performing Digital Forensics, Incident Response and Cyber-Crime Investigation.

e-Lock

e-Lock

e-Lock services include IT security consulting and training, security systems integration, managed security and technical support.

CIRISK

CIRISK

CIRISK offers a wide range of services from consulting to audit or project management to help you develop your cyber security or information security strategy.

At-Bay

At-Bay

At-Bay offer an end-to-end solution to cyber risk with comprehensive risk assessment, a tailored cyber insurance policy and year-long, active, risk-management service.

Netpoleon Group

Netpoleon Group

Netpoleon is a leading provider of integrated security, networking solutions and value added services.

Qohash

Qohash

With a focus on data security, Qohash supports security, compliance and optimization use cases enhancing your risk management process.

Enea

Enea

Enea is one of the world’s leading specialists in software for telecommunications and cybersecurity. Our products are used to enable services for mobile subscribers, enterprise customers and IoT.

Easy Dynamics

Easy Dynamics

Easy Dynamics is a leading technology services provider with a core focus in Cybersecurity, Cloud Computing, and Information Sharing.

Cybernatics

Cybernatics

Cybernatics is inspired by bringing together best-in-class innovations around Cybersecurity and Analytics. We offer tailored enterprise solutions to safeguard your organisations best interests.

NexGen Cyber

NexGen Cyber

NexGen Cyber helps customers in commercial SMB markets with IT security, security integration, service management, outsourced service transition, and transformative security solutions.

Epic Machines

Epic Machines

Epic Machines is a Value Added Reseller and Managed Security Services provider offering Security Transformation using Cloud-native solutions to commercial and government markets.

Stratascale

Stratascale

Stratascale is a consultant, systems integrator, and technology advisor with expertise in Automation, Cloud Ascension, Cybersecurity, Data Intelligence, and Digital Experience solutions.

ImagineX Consulting

ImagineX Consulting

ImagineX Consulting is a cybersecurity-focused boutique technology consultancy whose mission is to help our clients #BeBetter by reducing their corporate risk.