It’s never fun to learn about a new bout of Android malware discovered on the Play Store. It’s even worse when that malware was downloaded by hundreds of millions of Android users. If you have any of the follow 101 apps on your smartphone, you’ll need to delete them ASAP, and perhaps run an antivirus scan to boot.
How the “SpinOK” malware module works
Table of Contents
As reported by Bleeping Computer, cybersecurity company Doctor Web discovered a new Android spyware module on the Play Store. This module scrapes data from files on your device and sends that information back to bad actors, which is kind of the antithesis of the privacy policy you want from the apps on your smartphone.
The module purports itself to be a marketing SDK, a framework developers can use to add specific functionality to their apps. In this case, the SDK, which Doctor Web calls SpinOK, implements mini games, tasks, and “prizes” in the apps to keep users engaged. While these actions are happening on the surface, SpinOK is sending remote servers your device information, including your gyroscope and magnetometer. This is done in an effort to evade security researchers, who might be running Android in a sandboxed environment to weed out malware.
SpinOK also bypasses your device’s proxy settings, which enables it to hide its network connections. It can then serve you ads thanks to the connection to its remote server, which kicks off the scraping of your device’s data, including listing the files on your device, the location of a specific file or directory, stealing a specific file, and even copying or replacing the contents of your clipboard.
SpinOK apps have been downloaded over 420 million times
Doctor Web’s research shows SpinOK has infected 101 apps across the Play Store, with over 420 million collective downloads. That poses a huge security risk for Android users around the globe. However, the top two apps on that list, Noizz and Zapya, encompass almost half of all those downloads. Doctor Web highlights those apps and eight of the other most downloaded, as these are the ones most likely to be on the average Android user’s smartphone:
- Noizz: video editor with music (at least 100,000,000 downloads).
- Zapya – File Transfer, Share (at least 100,000,000 downloads).
- VFly: video editor&video maker (at least 50,000,000 downloads).
- MVBit – MV video status maker (at least 50,000,000 downloads).
- Biugo – video maker&video editor (at least 50,000,000 downloads).
- Crazy Drop (at least 10,000,000 downloads).
- Cashzine – Earn money reward (at least 10,000,000 downloads).
- Fizzo Novel – Reading Offline (at least 10,000,000 downloads).
- CashEM: Get Rewards (at least 5,000,000 downloads).
- Tick: watch to earn (at least 5,000,000 downloads).
How to protect your smartphone from SpinOK
Lucky for future Android users, it appears Google has scrubbed the vast majority of these apps from the Play Store. The only exception is Zapya, which as of version 6.4.1 no longer contains the malicious SpinOK module. As such, you can’t download the rest going forward, but that doesn’t help you if you already installed any on your device.
That’s why it’s important to look through the official list and see if you have any of those apps on your device. If so, delete it immediately. (If you have Zapya on your device, update it instead.) Google removing an app from the Play Store won’t affect any apps you have on your phone, so the only thing to do is uninstall it yourself. To be safe, try running an Android antivirus app on your phone to root out any issues leftover from the malware.
Here are a few of the top antivirus apps for Android devices, according to PCMag: