[ad_1]
Cybersecurity researchers have discovered a malicious SDK hiding in more than a hundred Android apps, many of which were previously available on the Google Play store.
After being found by Dr. Web, the SDK was dubbed “SpinOK” – it’s an advertisement module that aims to keep people interested in the ads by offering minigames and daily rewards.
Although working as intended on the surface, SpinOK was working in the background to exfiltrate sensitive data from the device it was installed on, exposing users to all kinds of risks, from identity theft, to wire fraud, and more.
Table of Contents
Millions of downloads
“On the surface, the SpinOk module is designed to maintain users’ interest in apps with the help of mini games, a system of tasks, and alleged prizes and reward drawings,” the researchers noted.
However, the apps also stole plenty of data. It first analyzes the endpoint’s sensors to make sure it’s not running in a sandbox, and then it connects to a remote server to download a list of URLs which are used to display the minigames. Then, it lists files in directories, looks for certain documents, and copies them to the remote server, meaning it can exfiltrate videos, images, and other sensitive data.
Furthermore, the malware is capable of monitoring the clipboard, a method often used by threat actors to steal credit card data, passwords, and gain access to cryptocurrency wallets.
In total, 101 apps had this SDK integrated, and cumulatively, they were downloaded more than 420 million times from Google Play, only.
The two most popular compromised apps, according to the researchers are Noizz: video editor with music, and Zapya – File Transfer, Share, both of which had more than 100 million downloads. For the latter, the trojan module was found in versions 6.3.3 to 6.4, with version 6.4.1 being clean.
Other notable mentions include MVBit – MV video status maker, and Biugo – video maker&video editor, with 50 million downloads each.
Almost all of the apps have since been removed from the Play Store, the publication says, adding that the complete list of apps can be found here.
Source link