home Technology Cyber Discovered Malware Effects Millions of Smartphones

Discovered Malware Effects Millions of Smartphones

May 31, 2023

This post is also available in: עברית (Hebrew)

A new Android malware that has been disguised as an advertisement is apparently affecting millions of users.

Security researches say that this dangerous malware program has been downloaded by user over 400 million times across multiple apps available on Google Play.

This spyware, nicknamed by security experts as SpinOk, can steal private data stored on users’ devices and send it to a remote server. According to the experts, SpinkOk demonstrates a seemingly legitimate behavior, using minigames that lead to “daily rewards” to spark user interest.

“On the surface, the SpinOk module is designed to maintain users’ interest in apps with the help of mini games, a system of tasks, and alleged prizes and reward drawings,” explains a Doctor Web’s report on the matter.

While active in the background, SpinOk checks the Android device’s sensor data (gyroscope, magnetometer) to confirm that it’s not running in a sandboxed environment, commonly used by researchers when analyzing potentially malicious Android apps. It then connects to a remote server to download a list of URLs opened used to display expected minigames.

While the minigames are displayed to the apps’ users as expected, experts say that the malware is capable of listing files in directories, searching for particular files, uploading files from the device, or copying and replacing clipboard contents.

The file exfiltration functionality is particularly concerning as it could expose private images, videos, and documents, claim reporters from bleepingcomputer.com.

In addition, SpinOk operators can attempt to steal account passwords and credit card data, or hijack cryptocurrency payments to their own crypto wallet addresses.

The malware was found across 101 apps, with the most downloaded sources being: