New Android app malware SpinOk continues to spread to even more apps, as cybersecurity researchers find an additional set of apps with the sneaky software development kit (SDK) – and they have over 30 million installs.
Security firm CloudSEK discovered more apps with Android.Spy.SpinOk spyware disguised as an innocent advertisement SDK, allowing it to steal private data from Android devices. That means emails, passwords, device information, banking information and more.
Alerted by Dr.Web’s findings last week, which found 101 infected apps on the Google Play Store with over 421 million downloads, the CloudSEK security team extended the list to 193 compromised apps. Even worse, 43 of these apps with the SpinOk malware are still available to download on Google Play.
As reported, the SpinOk SDK uses mini-games and daily rewards to interest the user and keep them engaged. In the background, however, the trojan SDK connects to a command-and-control (C&C) server to send information about the device. It can obtain a list of files in directories, search for specific files, upload the file from the device and copying or substitute the clipboard contents.
Many of the apps are game-based to attract users. Developers may be unaware of the SpinOk SDK’s malicious activities, using it for its advertising library.
CloudSEK states that “approximately 30 million individuals” have been compromised by the SpinOk-infested apps. While Google has taken down many apps, many may still be infected by the 421 million downloads reported last week.
Below is a list of the reported apps with up to 5 million installs.
| Name of apps | Google Play downloads | Status |
| HexaPop Link 2248 | +5,000,000 | Removed |
| Macaron Match | +1,000,000 | Available |
| Macaron Boom | +1,000,000 | Available |
| Jelly Connect | +1,000,000 | Available |
| Tiler Master | +1,000,000 | Available |
| Crazy Magic Ball | +1,000,000 | Available |
| Bitcoin Master | +1,000,000 | Removed |
| Happy 2048 | +1,000,000 | Available |
| Mega Win Slots | +500,000 | Available |
A complete list of infected apps can be found in CloudSEK’s article. You’ll want to delete any apps right now if you recognise them. Even better, antivirus software can catch any malicious activity on your device.
The security team reached out to Google about its SpinOk malware findings. Many of the apps have been removed, but many remain.
How to remove SpinOk malware on Android
The SpinOk module with spyware in these Android apps isn’t something you want to have installed on your device, and it’s clear that hundreds of millions of users are already at risk of becoming victims of stolen data.
If you’re wondering what is spyware and how to remove malware on Android, we’ve got just the guides.
Use antivirus software to protect your device
Simply put, the best way to get rid of spyware, or any type of malicious software, is to use the best antivirus software.
There are many free spyware and malware removal apps that will dispatch malicious software on your device, but it’s a good idea to make sure these tools are trustworthy, as hackers can also disguise these apps on the Google Play Store to deploy even more malware.
The SpinOk spyware has been detected in 193 apps, and 43 are still up on Google Play.
If you find any signs of this spyware in an app (or any type of malware), find below a couple of ways to get rid of dangerous apps on your Android device safely. For more ways, check out our guide on how to remove malware on Android.
Signs of malware on Android
There are telltale signs that your device is under attack, which may include your device’s browser redirecting you to different web pages and installing unwanted toolbars, extensions or plugins. Spyware is no different, so make sure you look out for these signs.
- Your device is slower than usual and crashes frequently.
- Your browser is slower than usual and crashes frequently.
- Browsing through websites takes longer.
- You need to recharge your device more often.
- Apps take longer to load.
- There’s an unknown app or software on your device you didn’t download.
Safely remove an app on Android
- On your Android, press the necessary buttons to turn off your device.
- Tap and hold the Power off icon.
- Press OK to reboot to safe mode. This will restart your device.
- Once restarted, head to Settings.
- Navigate to Apps.
- Select any suspicious apps you wish to remove.
- Tap Uninstall. Restart your device to go back to normal mode.
Clear cache on Android
Clearing your browser and app cache on your device will help minimize the effects of malware. Apps and browsers store your online activities, and malicious software like adware can use this to cause more harm. Clearing cache can also help clear up space on your Android, boosting the device’s performance.
- To clear app cache, head to Settings.
- Select Storage and choose Apps.
- Select an app.
- Tap Clear cache.
Many Android owners use Google Chrome as their default browser. Here’s how to clear cache in Chrome on Android.
- On your Android, open Chrome.
- Tap the three vertical dots in the upper-right corner.
- Select Settings.
- Tap Privacy and security.
- Select Clear browsing data.
- To just clear cache, uncheck Browsing history and Cookies and site data.
- Tap Clear data.
What is spyware?
Spyware is a type of malicious software (malware) that sneakily obtains information on a device without the user’s knowledge and sends it to a threat actor. The stolen data can be anything from device information to personal files, photos, videos and more, which can be used to violate the user’s privacy or harm their device. This can lead to stolen passwords, banking accounts or sensitive information.
Spyware can infect devices by disguising themselves as legitimate software, such as an app or email attachment, to trick users into believing what they’ve installed is harmless. Spyware can put a user’s personal safety in danger without any awareness of the device being infected.
Since spyware can be used to track everything a user does, including the websites visited, communications between contacts and apps used daily, it can be easy for an attacker to obtain an assortment of information about a user. This can be used to harm the user directly or can be sold on dark web markets to malicious actors looking to exploit this information.
This nasty type of malware can easily slip past the defences of a device, which is why it’s a good idea to keep an antivirus on at all times to fortify your device.
