According to the analysis conducted by a cybersecurity firm, a malicious Android advertising malware called SpinOk has been detected to have been downloaded by over 400 million users on Google Play. SpinOk, embedded in numerous games and applications, poses a significant threat to user privacy by stealing sensitive data.
SpinOk malware found in Google Play apps
SpinOk software attacks users through mini-games and daily rewards. Users who think they can earn money by spinning a wheel or claiming daily rewards fall victim to this malicious software. Operating as an advertising kit in the background, SpinOk also utilizes the device’s sensor data.
The Trojan horse establishes a connection with a remote server to download the mini-games. Despite offering these games to users, it also carries out a range of malicious activities, including searching for specific files, listing directory contents, copying clipboard data, and even uploading files to the device.
Pre-installed malware threat on Android phones! The file-stealing feature of the malware poses a risk of exposing users’ pictures, videos, and documents. Additionally, it can steal sensitive information such as account passwords, credit card details, and even take control of cryptocurrency wallets.
The research indicates that the Trojan horse was present in 101 applications and was downloaded more than 421 million times from Google Play. Among these applications were popular ones like Noizz, Zapya, VFly, MVBit, Biugo, Crazy Drop, and Cashzine. All of these applications have been removed from the Google Play Store.
- Noizz: video editor with music (100 million downloads)
- Zapya – File Transfer, Share (100 million downloads)
- VFly: video editor&video maker (50 million downloads)
- MVBit – MV video status maker (50 million downloads)
- Biugo – video maker&video editor (50 million downloads)
- Crazy Drop (10 million downloads)
- Cashzine – Earn money reward (10 million downloads)
- Fizzo Novel – Reading Offline (10 million downloads)
- CashEM: Get Rewards (5 million downloads)
- Tick: watch to earn (5 million downloads)
It remains uncertain whether the application developers knowingly included this SDK (Software Development Kit) in their apps. Such Trojan horses typically infiltrate through software provided by third-party developers.
If you have installed any of the above applications, we recommend updating them through Google Play.
{{user}} {{datetime}}
{{text}}