In a shocking revelation, cybersecurity researchers at Dr. Web have uncovered a new strain of Android malware that has made its way into multiple apps, previously available for download on the Google Play Store. This insidious malware, collectively downloaded over 400 million times, poses a significant threat to users' privacy and data security.

The recently discovered spyware, known as 'SpinOk' according to cybersecurity firm Dr. Web, functions as an integral component of an advertisement software development kit (SDK) that surreptitiously embeds itself within legitimate applications. Its main purpose is to illicitly gather private data from users' devices and surreptitiously transmit it to a remote server, all without the users' awareness or consent. Dr. Web's report sounds the alarm, cautioning users about the significant risks associated with this malicious software.

The malicious SDK employed by SpinOk employs deceptive tactics to engage users, such as offering enticing daily rewards and incorporating mini-games to pique their interest. These seemingly innocent features serve as a smokescreen for the underlying nefarious activities the spyware performs.

Behind the scenes, SpinOk utilizes advanced techniques to evade detection and analysis. By monitoring the gyroscope and magnetometer data on the Android device, the trojan SDK verifies whether it is being scrutinized in a controlled environment, commonly employed by security researchers to assess potentially malicious apps.

Once SpinOk completes its security checks, it establishes a connection with a remote server to fetch a collection of URLs. These URLs serve as a vital component in delivering the expected mini-games to users. While users immerse themselves in these mini-games, completely unaware of any malicious activity, the SDK clandestinely carries out various harmful operations in the background.

The SpinOk SDK possesses several alarming capabilities. It can scan directories, search for specific files, upload files from the compromised device, and even manipulate clipboard contents. Of particular concern is its file exfiltration functionality, which puts users' private images, videos, and documents at risk of exposure and compromise.

Moreover, the ability of the SDK to manipulate the clipboard has sparked significant alarm. This feature empowers the malware operators to gain unauthorized access to highly sensitive information, encompassing login credentials, financial data such as credit card details, and even take hold of cryptocurrency transactions, redirecting funds to their own crypto wallet addresses.

In a startling revelation, Dr. Web's investigation has brought to light a disturbing finding - the presence of the malicious SpinOk SDK in a staggering number of apps. This malicious SDK was discovered in a total of 101 apps, resulting in an astounding cumulative download count of over 421,290,300 from the Google Play Store. Among the affected apps are several well-known and popular ones, including Noizz, Zapya, VFly, MVBit, Biugo, Crazy Drop, Cashzine, Fizzo Novel, CashEM, and Tick. Notably, Google Play acted swiftly upon learning about the malware's existence and promptly removed all the mentioned apps, with the exception of one. This proactive response demonstrates their commitment to protecting users from potential threats. Only after developers had thoroughly cleaned their software and submitted updated versions were the apps reinstated on the platform.

It is highly recommended that individuals who have downloaded any of the aforementioned apps take immediate action to safeguard their devices. Updating to the latest versions of these apps from the official Google Play Store is crucial as it will likely include security measures to protect against the malware. However, in cases where an app has been removed from the official store, it is imperative to uninstall it without delay.

Read next: Increased Interest and Career Opportunities in Cybersecurity Emerge in May 2023