New Spyware ‘SpinOk’ Infected Apps Put Millions of Android Users at Risk

Published by Shipra Sanganeria on June 01, 2023

Security researchers at Doctor Web recently discovered a new software module with spyware capabilities. Tracked as ‘SpinOk’, the malware was distributed as a marketing software development kit (SDK). It was found in over 100 Android apps with cumulative downloads of over 420 million.

The module is said to have spyware functionality because it can extract data from users’ devices and transfer it to remote servers controlled and managed by threat actors.

The cleverly designed malware appears legitimate at first glance and maintains users’ interest through mini-games and alleged daily rewards.

When activated, it connects to a command-and-control (C2) server and transfers data from the device’s sensors (gyroscope, magnetometer). This helps it detect a controlled (sandbox) environment and adjust its operations to avoid being noticed by security researchers. In a related move, SpinOk bypasses proxy settings, thus hiding its network connections during analysis. It then downloads a list of websites from the remote server to display the intended advertising banners (minigames).

As expected, these minigames are visible to the app’s users, but the trojan can also gather a list of files, verify the presence of particular files, and copy and replace clipboard contents. These malicious activities can help the hackers access confidential personal and financial data stored on the victim’s device.
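The behaviours described above are individually common in Android apps; it is their combination inside one embedded third-party package that stands out during review. The following is an added example, not code from Doctor Web or from the original article: a triage helper that flags such combinations. The input format, the package names and the mapping of behaviours to Android/Java APIs are assumptions made for illustration, not indicators taken from the report.

```python
# Added example: behaviour-combination triage for third-party SDK packages.
# The input format and all package names below are constructed for illustration.

# Behaviours the article attributes to SpinOk, mapped to Android/Java APIs
# that commonly implement them (the mapping is an assumption, not an IoC list).
BEHAVIOURS = {
    "motion_sensors": {"android.hardware.Sensor.TYPE_GYROSCOPE",
                       "android.hardware.Sensor.TYPE_MAGNETIC_FIELD"},
    "proxy_bypass": {"java.net.Proxy.NO_PROXY"},
    "file_probe": {"java.io.File.listFiles", "java.io.File.exists"},
    "clipboard_read": {"android.content.ClipboardManager.getPrimaryClip"},
    "clipboard_write": {"android.content.ClipboardManager.setPrimaryClip"},
}

def matched_behaviours(api_refs):
    """Return the sorted behaviour names whose APIs appear in api_refs."""
    refs = set(api_refs)
    return sorted(name for name, apis in BEHAVIOURS.items() if refs & apis)

def flag_packages(refs_by_package, min_behaviours=3, app_package=""):
    """Flag third-party packages combining at least min_behaviours behaviours.

    Code under the app's own package is skipped: a file-transfer app
    legitimately lists files, an embedded ad SDK rarely needs to.
    """
    flagged = {}
    for package, refs in refs_by_package.items():
        if app_package and package.startswith(app_package):
            continue
        hits = matched_behaviours(refs)
        if len(hits) >= min_behaviours:
            flagged[package] = hits
    return flagged

# Constructed sample: per-package API references from a decompiled APK.
SAMPLE = {
    "com.example.filetransfer.ui": ["java.io.File.listFiles", "java.io.File.exists",
                                    "android.content.ClipboardManager.setPrimaryClip"],
    "com.example.adsdk.core": ["android.hardware.Sensor.TYPE_GYROSCOPE",
                               "android.hardware.Sensor.TYPE_MAGNETIC_FIELD",
                               "java.net.Proxy.NO_PROXY",
                               "java.io.File.listFiles",
                               "android.content.ClipboardManager.getPrimaryClip",
                               "android.content.ClipboardManager.setPrimaryClip"],
    "com.example.fitness.steps": ["android.hardware.Sensor.TYPE_GYROSCOPE"],
}

if __name__ == "__main__":
    for pkg, hits in flag_packages(SAMPLE, app_package="com.example.filetransfer").items():
        print(pkg, "->", ", ".join(hits))
```

A flagged package is a prompt for manual review of that SDK, not a verdict; the threshold trades false positives against missed variants.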

This trojan module and numerous modifications of it were found in several apps with nearly 421,290,300 downloads. Some of the popular apps found:

  • Noizz: Video editor with music (100 million installations)
  • Zapya: File transfer and share (100 million installations)
  • VFly: Video editor & video maker (50 million installations)
  • MVBit: MV video status maker (50 million installations)
  • Biugo: Video maker & video editor (50 million installations)

According to the experts’ reports, some of the apps still contained the malicious SDK, while others either had it only in particular versions or had been removed from Google Play entirely. The firm also said that it had submitted reports about the threat to Google.

Dr. Web’s analysts claim to have found this SDK malware in 101 apps with at least 421,290,300 cumulative downloads. A complete list of the apps infected with this SDK can apparently be found on their website.
