These malicious Android apps spied on over 400 million users


You have all heard of malicious Android apps distributed through the Google Play Store before. Not once or twice, but probably dozens of times. Just last week, we came across one such app that spied on its users. Well, security researchers at cybersecurity firm Doctor Web have found 101 more spyware-laden Android apps on the Play Store. Collectively, these malicious apps have been installed more than 421 million times. Now that’s a number that could send chills down the spine of any security-obsessed person.

Named Android.Spy.SpinOk by the firm, this spyware module can collect information on files stored on devices and transfer them to remote servers operated by threat actors behind this campaign. It can also send clipboard contents to them. Effectively, this spyware can steal critical information from your phone without your knowledge and hand it over to malicious actors who can use that information to launch an even more devastating attack. If you have banking details saved in the clipboard or other sensitive files on your phone, you could even lose money.

The spyware affected 101 Android apps and spied on their 421 million users

According to the new report, threat actors distributed this spyware module as a marketing SDK. “On the surface, the SpinOk module is designed to maintain users’ interest in apps with the help of mini-games, a system of tasks, and alleged prizes and reward drawings,” the researchers explain. These functionalities drive user engagement, which often draws the attention of individual developers who are trying their best to make money off their Android apps and games. So they embed the module into their projects without a second thought.

However, as soon as the app is launched, the spyware module is activated and begins its malicious activities behind the scenes. It uses various tactics to avoid detection. The spyware module can even identify an emulator environment and adjust its operating schedule so security researchers can’t detect it.

The module also ignores device proxy settings to hide network connections during analysis. All of this makes it pretty dangerous spyware. Worse yet, it has already affected more than 421 million Android devices. Below are the top ten affected apps with the most installations.

  • Noizz: video editor with music (100,000,000)
  • Zapya – File Transfer, Share (100,000,000)
  • VFly: video editor&video maker (50,000,000)
  • MVBit – MV video status maker (50,000,000)
  • Biugo – video maker&video editor (50,000,000)
  • Crazy Drop (10,000,000)
  • Cashzine – Earn money reward (10,000,000)
  • Fizzo Novel – Reading Offline (10,000,000)
  • CashEM: Get Rewards (5,000,000)
  • Tick: watch to earn (5,000,000)

Doctor Web has already notified Google about this spyware campaign. But as of this writing, most of the apps are still available on the Play Store. Note that the latest versions of some apps no longer contain the spyware module, including Zapya. You can find the full list of affected apps here. If you have any of those installed, remove it straight away.

2023-06-01 15:15:51