New Android spyware discovered in 101 apps disguises itself as a harmless marketing SDK (software development kit) that can steal your private data and send it straight to hackers – and the apps have over 421 million downloads.
The Android apps contain a software module with spyware features, including the ability to search and collect personal data to transfer them to the threat actor. This trojan SDK can swipe images, videos and more to do as they please, similar to a ransomware threat.
Detected by security researchers at Dr.Web, the spyware module dubbed “Android.Spy.SpinOk” uses mini-games and daily rewards to interest the user and keep them engaged.
In the background, however, the trojan SDK connects to a command-and-control (C&C) server to send information about the device, including data from sensors such as the gyroscope and magnetometer. “[These} can be used to detect an emulator environment and adjust the module’s operating routine to avoid being detected by security researchers,” Dr.Web states.
The infected app connects to the remote server to receive a list of URLs to display the mini-games and daily rewards, like the examples collected below.
The SpinOk trojan SDK can obtain a list of files in directories, search for specific files, upload the file from the device and copying or substitute the clipboard contents. This means that the threat actors can also steal login credentials and banking information found on the device.
In total, malware analysts found 101 apps with around 421,290,300 downloads. Yikes. Here’s a list of the ten most popular Android apps that contain the Android.Spy.SpinOk SDK.
| Name of apps | Google Play downloads | Status |
| Noizz: video editor with music | +100,000,000 | Available |
| Zapya – File Transfer, Share | +100,000,000 | Updated |
| VFly: video editor&video maker | +50,000,000 | Available |
| MVBit – MV video status maker | +50,000,000 | Available |
| Biugo – video maker&video editor | +50,000,000 | Available |
| Crazy Drop | +10,000,000 | Available |
| Cashzine – Earn money reward | +10,000,000 | Available |
| Fizzo Novel – Reading Offline | +10,000,000 | Available |
| CashEM: Get Rewards | +5,000,000 | Available |
| Tick: watch to earn | +5,000,000 | Available |
Many of these apps are still available on Google Play, but Dr.Web has now notified Google of the threat. However, more Android users are still at risk of installing the apps. The security company provides a complete list of the 101 apps with the spyware-like module you should avoid.
Hundreds of millions of Android users are in danger of having their private data stolen right under their noses. If you recognise any of these apps, you’ll want to delete them right now.
How to remove spyware on Android
The SpinOk module with spyware in these Android apps isn’t something you want to have installed on your device, and it’s clear that hundreds of millions of users are already at risk of becoming victims of stolen data.
For more ways, check out our guide on how to remove malware on Android.
Use antivirus software to protect your device
Simply put, the best way to get rid of spyware, or any type of malicious software, is to use the best antivirus software.
There are many free spyware and malware removal apps that will dispatch malicious software on your device, but it’s a good idea to make sure these tools are trustworthy, as hackers can also disguise these apps on the Google Play Store to deploy even more malware.
The SpinOk spyware has been detected in 101 apps, with many of the most downloaded found on the official Google Play Store.
If you find any signs of this spyware in an app (or any type of malware), find below a couple of ways to get rid of dangerous apps on your Android device safely. For more ways, check out our guide on how to remove malware on Android.
Signs of malware on Android
There are telltale signs that your device is under attack, which may include your device’s browser redirecting you to different web pages and installing unwanted toolbars, extensions or plugins. Spyware is no different, so make sure you look out for these signs.
- Your device is slower than usual and crashes frequently.
- Your browser is slower than usual and crashes frequently.
- Browsing through websites takes longer.
- You need to recharge your device more often.
- Apps take longer to load.
- There’s an unknown app or software on your device you didn’t download.
Safely remove an app on Android
- On your Android, press the necessary buttons to turn off your device.
- Tap and hold the Power off icon.
- Press OK to reboot to safe mode. This will restart your device.
- Once restarted, head to Settings.
- Navigate to Apps.
- Select any suspicious apps you wish to remove.
- Tap Uninstall. Restart your device to go back to normal mode.
Clear cache on Android
Clearing your browser and app cache on your device will help minimize the effects of malware. Apps and browsers store your online activities, and malicious software like adware can use this to cause more harm. Clearing cache can also help clear up space on your Android, boosting the device’s performance.
- To clear app cache, head to Settings.
- Select Storage and choose Apps.
- Select an app.
- Tap Clear cache.
Many Android owners use Google Chrome as their default browser. Here’s how to clear cache in Chrome on Android.
- On your Android, open Chrome.
- Tap the three vertical dots in the upper-right corner.
- Select Settings.
- Tap Privacy and security.
- Select Clear browsing data.
- To just clear cache, uncheck Browsing history and Cookies and site data.
- Tap Clear data.
What is spyware?
Spyware is a type of malicious software (malware) that sneakily obtains information on a device without the user’s knowledge and sends it to a threat actor. The stolen data can be anything from device information to personal files, photos, videos and more, which can be used to violate the user’s privacy or harm their device. This can lead to stolen passwords, banking accounts or sensitive information.
Spyware can infect devices by disguising themselves as legitimate software, such as an app or email attachment, to trick users into believing what they’ve installed is harmless. Spyware can put a user’s personal safety in danger without any awareness of the device being infected.
Since spyware can be used to track everything a user does, including the websites visited, communications between contacts and apps used daily, it can be easy for an attacker to obtain an assortment of information about a user. This can be used to harm the user directly or can be sold on dark web markets to malicious actors looking to exploit this information.
This nasty type of malware can easily slip past the defences of a device, which is why it’s a good idea to keep an antivirus on at all times to fortify your device.
