421M Spyware Apps Downloaded Through Google Play

A Trojan SDK snuck past Google Play protections to infest 101 Android applications, bent on exfiltrating infected device data.

Spyware disguised as a marketing software development kit (SDK) has been spotted making its way to 101 Android applications, ultimately racking up more than 421 million downloads.
Researchers at Doctor Web call the malicious SDK SpinOk, and report that its advertised as a package of marketing functions, like mini games and prize drawings, to keep visitors using applications for longer periods of time. Instead, unwitting developers helped distribute
spyware
, Doctor Web reported.
Upon initialization, this Trojan SDK connects to a C2 server by sending a request containing a large amount of technical information about the infected device, the researchers explained. Included are data from sensors, e.g., gyroscope, magnetometer, etc., that can be used to detect an emulator environment and adjust the modules operating routine in order to avoid being detected by security researchers.
They added, For the same purpose, it ignores device proxy settings, which allows it to hide network connections during analysis. In response, the module receives a list of URLs from the server, which it then opens in WebView to display advertising banners.
Doctor Web said that it notified Google about the applications distributing the SpinOk Trojan, which were addressed but users who have already downloaded the apps are still at risk. The 10 most-downloaded
compromised Android applications
observed by the team include:
Noizz - video editor with music (at least 100,000,000 installations)
Zapya - File Transfer, Share (at least 100,000,000 installations; the Trojan module was present in version 6.3.3 to version 6.4 and is no longer present in current version 6.4.1)
VFly - video editor & video maker (at least 50,000,000 installations)
MVBit - MV video status maker (at least 50,000,000 installations)
Biugo - video maker & video editor (at least 50,000,000 installations)
Crazy Drop - (at least 10,000,000 installations)
Cashzine - Earn money reward (at least 10,000,000 installations)
Fizzo Novel - Reading Offline (at least 10,000,000 installations)
CashEM - Get Rewards (at least 5,000,000 installations)
Tick - watch to earn (at least 5,000,000 installations)

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
421M Spyware Apps Downloaded Through Google Play