If you are an Android user, an important security issue has come to light that could potentially affect you.
After meticulous research, cybersecurity experts have discovered that 92 Android apps have been compromised by the SpinOk malware. If any of these apps are currently installed on your Android smartphone, it is crucial that you remove them immediately.
This new malware strain, disguised as a software development kit (SDK) for advertisers, has infected over 100 Android apps with a combined total of more than 400 million downloads.
This new Android malware, accurately referred to as spyware, can steal sensitive information from even the best Android phones and transfer it to a remote server controlled by hackers behind the campaign.
App developers likely included the SpinOk module, as it initially appears legitimate and incorporates mini-games to provide users with "daily rewards" to keep them engaged.
Unfortunately, SpinOk nefariously uses legitimate presentation to access an Android device's sensor data (including its gyroscope and magnetometer) to determine if it is operating on a genuine phone. Once detected, it proceeds to execute several dangerous actions in the background.
Most Vulnerable Apps
The antivirus developer claims to have further discovered 101 apps that were downloaded from the Google Play Store more than 421 million times. Below is the list of the most affected apps with the most downloads:
- Zapya - File Transfer, Share: 100 million downloads
- Noizz - Video editor with music: 100 million downloads
- MVBit - MV video status maker: 50 million downloads
- Biugo - Video maker & video editor: 50 million downloads
- vFly - Video editor & video maker: 50 million downloads
- Crazy Drop: 10 million downloads
- Fizzo Novel - Offline Reader: 10 million downloads
- Cashzine - Earn money rewards: 10 million downloads
- Tick - Watch to earn: 5 million downloads
- CashEM - Get Rewards: 5 million downloads
While most of the affected apps have been removed from the Play Store, some remain. It is highly advised that you delete any of these installed apps from your Android smartphone right away. In certain cases, updating to the latest versions of these apps may be sufficient, as recent releases have addressed the spyware issue. However, for your overall security, it is advisable that you delete these programs entirely.
How To Avoid Malicious Apps
When it comes to staying safe from such malicious intent, you must be extremely careful when downloading all new apps, even those from the Google Play Store.
Some bad apps still manage to slip past Google’s security checks from time to time, so it is crucial to exercise your best judgment when installing any new app on your phone.
While ratings and reviews can indeed be manipulated, checking an app's rating on the Play Store and reading reviews can still provide valuable insights and information. And to see an app in action before installing it, it is highly recommended to seek outside evaluations, particularly video reviews.
You should also exercise caution when using apps that require further permissions. For example, a game or photo-editing app should not require access to your contacts and call history to function properly.
Consider installing one of the top Android antivirus apps for added security. If you are on a budget, Google Play Protect is preloaded on all Android phones and is free. It can scan your installed apps, as well as any new ones you download, for malware.
Google and other entities are currently conducting investigations to determine how many of these well-known Android apps became infected with this Trojanized SDK. In the meantime, remain vigilant and mindful of any applications you choose to download.