421M Spyware Apps Downloaded Through Google Play

  /     /     /  
Publicated : 23/11/2024   Category : security


421M Spyware Apps Downloaded Through Google Play


A Trojan SDK snuck past Google Play protections to infest 101 Android applications, bent on exfiltrating infected device data.



Spyware disguised as a marketing software development kit (SDK) has been spotted making its way to 101 Android applications, ultimately racking up more than 421 million downloads.
Researchers at Doctor Web call the malicious SDK SpinOk, and report that its advertised as a package of marketing functions, like mini games and prize drawings, to keep visitors using applications for longer periods of time. Instead, unwitting developers helped distribute
spyware
, Doctor Web reported.
Upon initialization, this Trojan SDK connects to a C2 server by sending a request containing a large amount of technical information about the infected device, the researchers explained. Included are data from sensors, e.g., gyroscope, magnetometer, etc., that can be used to detect an emulator environment and adjust the modules operating routine in order to avoid being detected by security researchers.
They added, For the same purpose, it ignores device proxy settings, which allows it to hide network connections during analysis. In response, the module receives a list of URLs from the server, which it then opens in WebView to display advertising banners.
Doctor Web said that it notified Google about the applications distributing the SpinOk Trojan, which were addressed but users who have already downloaded the apps are still at risk. The 10 most-downloaded
compromised Android applications
observed by the team include:
Noizz - video editor with music (at least 100,000,000 installations)
Zapya - File Transfer, Share (at least 100,000,000 installations; the Trojan module was present in version 6.3.3 to version 6.4 and is no longer present in current version 6.4.1)
VFly - video editor & video maker (at least 50,000,000 installations)
MVBit - MV video status maker (at least 50,000,000 installations)
Biugo - video maker & video editor (at least 50,000,000 installations)
Crazy Drop - (at least 10,000,000 installations)
Cashzine - Earn money reward (at least 10,000,000 installations)
Fizzo Novel - Reading Offline (at least 10,000,000 installations)
CashEM - Get Rewards (at least 5,000,000 installations)
Tick - watch to earn (at least 5,000,000 installations)

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
421M Spyware Apps Downloaded Through Google Play