These Android apps found to carry malicious spyware

A significant number of Android apps, including several that were previously available on the Google Play Store, have been discovered to contain a potentially dangerous software development kit.

The recently identified SDK, known as “SpinOK,” was brought to light by Dr. Web. This particular software development kit is an advertising module that utilizes various tactics, such as offering mini-games and daily rewards, to engage users and maintain their interest in the displayed advertisements.

Upon investigation, Dr. Web uncovered an SDK and bestowed upon it the name “SpinOK.” Disguised as a seemingly innocuous ad module employing enticing features like mini-games and daily prizes, SpinOK aimed to sustain user engagement with the displayed advertisements.

However, unbeknownst to users, this seemingly harmless module was surreptitiously extracting sensitive information from the device it was installed on. As a result, users unwittingly faced heightened risks of identity theft, wire fraud, and various other forms of cybercrime.

“On the surface, the SpinOk module is designed to maintain users’ interest in apps with the help of mini games, a system of tasks, and alleged prizes and reward drawings,” the researchers stated.

Beyond its deceptive functionality, the discovered SDK was involved in extensive data theft through the compromised apps. To ensure it was not operating within a sandbox environment, the malicious software checked the sensors of the targeted device.

Image source: Unsplash

Once confirmed, it established a network connection to fetch a roster of URLs essential for rendering the embedded mini-games. Disturbingly, this allowed the SDK to pilfer a wide range of content, including videos, photos, and other private information. By systematically scanning directories, searching for specific documents, and subsequently transferring them to a remote server, the malware enabled unauthorized access to users’ sensitive files.

Additionally, the malware exhibited a common tactic employed by malicious actors: monitoring the clipboard to collect sensitive information. This technique heightened the risk of further data exposure, as the SDK clandestinely tracked and intercepted data stored in the clipboard, potentially compromising critical details and exacerbating the threat to user privacy.

Over 420 million downloads

The extent of the SDK’s reach is staggering, with over 420 million instances of apps containing this SDK being downloaded solely from Google Play. Among the compromised apps, researchers identified two highly popular ones, Noizz: video editor with music and Zapya – File Transfer, Share, both boasting over 100 million users.

The trojan module was found in versions 6.3.3 through 6.4 of Zapya, while version 6.4.1 was verified as clean. Notably, other heavily downloaded apps, including MVBit (an MV video status producer) and Biugo (a video maker and editor), accumulated over 50 million downloads each.

Here are some of the most downloaded apps identified by Dr. Web:

Noizz: video editor with music – 100,000,000 downloads
Zapya – File Transfer, Share – 100,000,000 downloads (Trojan module present in versions 6.3.3 to 6.4, but absent in the current version 6.4.1)
VFly: video editor&video maker – 50,000,000 downloads
MVBit – MV video status maker – 50,000,000 downloads
Biugo – video maker&video editor – 50,000,000 downloads
Crazy Drop – 10,000,000 downloads
Cashzine – Earn money reward – 10,000,000 downloads
Fizzo Novel – Reading Offline – 10,000,000 downloads
CashEM: Get Rewards – 5,000,000 downloads
Tick: watch to earn – 5,000,000 downloads

The article reports that nearly all of the implicated apps have been removed from Google Play Store, and interested readers can consult the comprehensive list of affected apps for further information.

Thank you for being a Ghacks reader. The post These Android apps found to carry malicious spyware appeared first on gHacks Technology News.

gHacks Technology News