Google's App Store - Full Of Spyware

A significant number of Android Apps have been discovered to contain a potentially dangerous software development kit that is being used as spyware. The antivirus company Dr. Web has discovered spyware in over 100 Android applications with over 421 million downloads in Google Play.

They found that a malicious Software Development Kit (SDK) is hiding in more than a hundred Android Apps, many of which were previously available on the Google Play store. The SpinOK module offers mini games and apparent prizes to gain users’ interest in downloading.

This module scrapes data from files on your device and sends that information back to bad actors, which is the antithesis of the privacy policy you want from the apps on your smartphone. Dr. Web has named it SpinOk. When downloaded to a device, it can collect information about files, send files to the attackers, and steal clipboard content.

SpinOK also bypasses your device’s proxy settings, which enables it to hide its network connections. It can then serve you ads thanks to the connection to its remote server, which kicks off the scraping of your device’s data, including listing the files on your device, the location of a specific file or directory, stealing a specific file, and even copying or replacing the contents of your clipboard.

The SDK connects to the command-and-control server and sends a trove of device information, including data from sensors, which allows it to detect emulator environments. The server response contains numerous URLs used to display advertising banners via WebView.

Additionally, the module can collect a list of files in specified directories, check for the presence of specific files and directories, upload files from the device, and copy or substitute clipboard content. “This allows the trojan module’s operators to obtain confidential information and files from a user’s device, for example, files that can be accessed by Apps with Android.Spy.SpinOk built into them... For this, the attackers would need to add the corresponding code into the HTML page of the advertisement banner,” Dr. Web explains.

Google has been notified and has removed some of the apps. In some cases, only certain versions contained the malicious SDK.

So far, the malicious module and various modifications have been identified in a total of 101 applications in Google Play. Some of the most popular applications containing the malicious module include Noizz (over 100 million installations), Zapya (over 100 million installations; the code was present in versions 6.3.3 to 6.4), VFly (over 50 million downloads), MVBit (more than 50 million installations), and Biugo (over 50 million downloads). Doctor Web has published a list of infected applications.

Protect Your Smartphone From SpinOK

It looks as though Google has responded to the threat and has removed a majority of these Apps from the Play Store, with the notable exception of Zapya, which since the introduction of version 6.4.1 no longer contains the malicious SpinOK module.

However, while users can no longer download the module, that does not help users who have already installed it on their device. That’s why it’s important to look through the official list and see if you have any of those Apps on your device. If so, delete it immediately.

If you have Zapya on your device, update it now. Google removing an app from the Play Store won’t affect any Apps you already have on your phone, so users are advised to uninstall affected Apps themselves.
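For anyone checking more than one phone, the lookup described above can be scripted against an app inventory. This is an added example, not code from Dr. Web or the original article; the inventory format, device names and sample versions are constructed, and matching on display names is an assumption (a real check should match on the package identifiers in Dr. Web's published list).

```python
import csv
import io
from itertools import takewhile

# Apps named in the article. A (first, last) pair is the inclusive affected
# version range the article gives; None means no clean version is stated.
AFFECTED = {
    "noizz": None,
    "zapya": ("6.3.3", "6.4"),  # article: clean again from 6.4.1
    "vfly": None,
    "mvbit": None,
    "biugo": None,
}

def parse_version(text, width=4):
    """'6.4' -> (6, 4, 0, 0); padding makes 6.4 and 6.4.0 compare equal."""
    nums = []
    for piece in text.strip().split(".")[:width]:
        digits = "".join(takewhile(str.isdigit, piece))
        nums.append(int(digits) if digits else 0)
    return tuple(nums + [0] * (width - len(nums)))

def triage(app, version):
    """Return 'ok', 'update' (a fixed release exists) or 'remove'."""
    key = app.strip().lower()
    if key not in AFFECTED:
        return "ok"
    if AFFECTED[key] is None:
        return "remove"
    first, last = (parse_version(v) for v in AFFECTED[key])
    return "update" if first <= parse_version(version) <= last else "ok"

def scan(inventory_csv):
    """Return (device, app, version, action) for rows needing action."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        action = triage(row["app"], row["version"])
        if action != "ok":
            findings.append((row["device"], row["app"], row["version"], action))
    return findings

# Constructed sample inventory (assumed format: device, app name, version).
SAMPLE = """device,app,version
phone-01,Zapya,6.3.8
phone-02,Zapya,6.4.1
phone-03,Noizz,5.2.0
phone-04,Zapya,6.4.0
phone-05,ExampleNotes,1.0.0
"""
```

Calling `scan(SAMPLE)` flags phone-01 and phone-04 for an update and phone-03 for removal; the padded comparison is what keeps a device reporting `6.4.0` inside the affected range that the article writes as `6.4`.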

Dr. Web: GitHub: Techradar: LifeHacker: Security Week: GHacks: SCMagazine
