Antivirus company Dr Web alerted millions of mobile phone users that an Android software module, designed as a mini-game, is actually spyware that collects information on files stored on mobile phones and is capable of transferring them to cyber criminals.
Malware analysts have found that the spyware was embedded in 101 apps that had more than 420 million downloads, the report by Dr Web said.
Dubbed Android.Spy.SpinOk, this spyware is distributed as a marketing software development kit (SDK).
Read More on the Topic:
- How dangerous are large language models such as ChatGPT and what threat do they pose to cybersecurity
- Middle East companies prioritise unification, automation of cybersecurity estates: Report
- Fake ChatGPT scams users out of thousands of dollars: Report
Developers can embed it into all sorts of apps and games, including those available on Google Play, the report said.
“On the surface, the SpinOk module is designed to maintain users’ interest in apps with the help of mini-games, a system of tasks, and alleged prizes and reward drawings. However, upon initialisation, this trojan SDK connects to a C&C server by sending a request containing a large amount of technical information about the infected device,” the report said.
The spyware has also created measures to adjust its operating routine to avoid being detected by security researchers.
The report said the spyware ignores device proxy settings, which allows it to hide network connections during analysis.
“In response, the module receives a list of URLs from the server, which it then opens in WebView to display advertising banners,” it said.
Dr Web specialists found this spyware module and several modifications of it in a number of apps distributed via Google Play.
“Our malware analysts discovered it in 101 apps with at least 421,290,300 cumulative downloads. Thus, hundreds of millions of Android device owners are at risk of becoming victims of cyber espionage. Doctor Web notified Google about the uncovered threat,” the company said.
Follow us on
