
Large-scale spyware found in 101 Android apps with over 421 million downloads


Delhi: A marketing software development kit used in 101 applications that have reportedly been downloaded 421 million times contains a previously unidentified kind of Android malware. Researchers at Doctor Web Ltd. have described a spyware component dubbed "SpinOk" that entices users with mini-games and offers a variety of incentives. When the spyware is activated, it establishes a connection with a command and control server and sends extensive technical data about the infected device. SpinOk also tries to evade security experts' methods of detection, such as by identifying emulation environments and disregarding proxy settings.

The module augments the JavaScript code on loaded webpages so that it can gather a list of files, confirm the presence of specified files or directories, copy or alter data from the clipboard, and deliver adverts. Such files might expose private information if they are accessed.

The file-sharing programme Zapya and the video editor Noizz, both with 100 million downloads, are infected with SpinOk. A number of additional applications with download counts between 5 million and 10 million are also impacted, including the video tools VFly, MVBit, and Biugo, each of which has had at least 50 million downloads.

According to Bud Broomhead, CEO of internet of things security platform provider Viakoo Inc., "the threat actors have dug deeply into a niche of Android games, those focused on making money for the player." It's possible that they are concentrating on that market for a particular reason, such as keeping track of the money's movement to bank accounts or anticipating that the player may have particular files that can be further abused.

However, Broomhead pointed out that the number of purported downloads is extraordinarily high and might not correspond to reality. Broomhead noted that if there are over 2 billion Android phones and tablets in circulation worldwide and this spyware module has been installed 421 million times, then approximately one out of every five phones is affected. "There are still 316 million 'active' downloads if estimates that 25% of apps are downloaded once and never used again are correct."

The incident, according to Krishna Vishnubhotla, vice president of product strategy at mobile security solutions vendor Zimperium Inc., could serve as a cautionary tale for mobile app developers who use software development kits.

"All of them are integrated to accomplish a specific known task, whether free or paid, but no one checks what else the SDK can do, especially when it runs within an app on an end-user device," Vishnubhotla claimed. Malicious actors don't make this easy either: to evade detection, most of the suspicious code is downloaded only when specific conditions are met on the device. A source code scanner may therefore initially see the SDK as innocent.
