Google's App Store - Full Of Spyware

A significant number of Android Apps have been discovered to contain a potentially dangerous software development kit that is being used as spyware. The antivirus company Dr. Web has discovered spyware in over 100 Android applications with over 421 million downloads in Google Play.

They found malicious Software Development Kit (SDK) is hiding in more than a hundred Android Apps, many of which were previously available on the Google Play store. The SpinOK module offers mini games, and apparent prizes to gain users’ interest in downloading.

This module scrapes data from files on your device and sends that information back to bad actors, which is the antithesis of the privacy policy you want from the apps on your smartphone. Dr. Web has named it SpinOk which,  when downloaded to a device, can collect information about files, can send files to the attackers, and can steal clipboard content.

SpinOK also bypasses your device’s proxy settings, which enables it to hide its network connections. It can then serve you ads thanks to the connection to its remote server, which kicks off the scraping of your device’s data, including listing the files on your device, the location of a specific file or directory, stealing a specific file, and even copying or replacing the contents of your clipboard.

SDK connects to the command-and-control server and sends a trove of device information, including data from sensors, which allows it to detect emulator environments. The server response contains numerous URLs used to display advertising banners via WebView.

Additionally, the module can collect a list of files in specified directories, check for the presence of specific files and directories, upload files from the device, and copy or substitute clipboard content. “This allows the trojan module’s operators to obtain confidential information and files from a user’s device, for example, files that can be accessed by Apps with Android.Spy.SpinOk built into them... For this, the attackers would need to add the corresponding code into the HTML page of the advertisement banner,” Dr. Web explains.

Google has been notified and has removed some of the apps. In some cases, only certain versions contained the malicious SDK.

So far, the malicious module and various modifications have been identified in a total of 101 applications in Google Play and some of the most popular applications containing the malicious module include Noizz (over 100 million installations), Zapya (over 100 million installations the code was present in versions 6.3.3 to 6.4), VFly (over 50 million downloads), MVBit (more than 50 million installations), and Biugo (over 50 million downloads). Doctor Web has published a list of infected applications.

Protect Your Smartphone From SpinOK

It looks Google has responded to threat and has removed a majority of these Apps from the Play Store, with the notable exception of Zapya, which since the introduction of version 6.4.1 no longer contains the malicious SpinOK module.

However, while users can no longer download the module, that does not help users who have already installed it on their device. That’s why it’s important to look through the official list and see if you have any of those Apps on your device. If so, delete it immediately.

If you have Zapya on your device, update it now. Google removing an app from the Play Store won’t affect any Apps you have on your phone and users are advised to un-install it themselves.

Dr. Web:   GitHub:    Techradar:     LifeHacker:     Security Week:   GHacks:    SCMagazine

You Might Also Read:

Mobile Cyber Attacks: The Different Facets Of Smartphone Malware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 


 

« Cyber Security & The Financial Services Industry
Year in Review: Biggest Application Security Breaches Of 2022 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Security Weekly

Security Weekly

Security Weekly provides free content within the subject areas of IT security news, vulnerabilities, hacking, and research.

Latham & Watkins LLP

Latham & Watkins LLP

Latham & Watkins is an international law firm. Practice areas include Data Privacy, Security and Cybercrime.

Cryptomathic

Cryptomathic

Cryptomathic is an expert on commercial crypto - we develop, deliver and support the most secure and efficient off-the-shelf and customised solutions.

CERT.LV

CERT.LV

CERT.LV is the national Computer Emergency Response Team for Latvia.

National Information Technology Development Agency (NITDA) - Nigeria

National Information Technology Development Agency (NITDA) - Nigeria

The National Information Technology Development Agency (NITDA) is committed to implementing the Nigerian National Information Technology Policy.

HYAS Infosec

HYAS Infosec

HYAS is a highly skilled information security firm developing the next generation of information security technology.

CyberForce Program - US Department of Energy

CyberForce Program - US Department of Energy

The Department of Energy’s (DOE) CyberForce Program is a workforce development program that seeks to inspire and develop the next generation of cyber defenders for the energy sector.

ACET Solutions

ACET Solutions

ACET Solutions delivers a wide range of Automation, Cyber Security and Enterprise IT/OT Integration Solutions to industrial clients.

NuCrypt

NuCrypt

NuCrypt is developing technology that is applicable to ultrahigh security data encryption as well as key distribution.

Censys

Censys

Our customers rely on Censys data to get the global visibility they need of their attack surfaces in order to proactively prevent nation-state attacks and emerging threats.

Palantir

Palantir

Palantir software empowers entire organizations to answer complex questions quickly by bringing the right data to the people who need it.

Falcongaze

Falcongaze

Falcongaze SecureTower is a comprehensive DLP solution for the protection of business against internal threats.

Netizen

Netizen

Netizen is an award-winning company that develops and leverages innovative solutions to enable a more secure cyberspace for clients in government and commercial markets.

Astrix Security

Astrix Security

Astrix enables security teams to instantly see through the fog of connects and detect redundant, misconfigured and malicious third-party exposure to their critical systems.

Frontier Technology Inc. (FTI)

Frontier Technology Inc. (FTI)

Frontier Technology Inc provides the technology and deep data expertise to drive the best defense and intelligence solutions.

CODA Intelligence

CODA Intelligence

CODA's AI-powered attack surface management platform helps you sort out the important remediations needed in order to avoid exploits on your systems.