Following the discovery that over a hundred Android apps with a combined 400 million downloads actually contained the SpinOk malwaresecurity researchers have now discovered that 92 other apps are also affected.
For those who don’t know, SpinOk is a spyware module that was distributed as a Software Development Kit (SDK) to advertisers. First discovered by the anti virus maker Dr. Webdevelopers unknowingly added it to their apps as a way to embed mini-games that give their users mini-games and “daily rewards” to get their attention.
Unfortunately, however, SpinOk is actually a new strain of malware that can perform a number of malicious activities in the background, including listing files in directories, searching for specific files, uploading files from an infected smartphone, or copying and replacing content on a device’s clipboard. The module’s file exfiltration feature can be abused to expose private images, videos and documents, while hackers can use the clipboard modification feature to steal passwords and credit card data from an infected smartphone.
Although Dr. Web found 101 apps containing the SpinOk malware, cybersecurity firm CloudSEK has now discovered an additional 92 infected apps that have been downloaded 30 million times. Also, to make matters worse, 43 of which were still available on the Play Store at the time of writing, but Google is likely already working on removing them.
Delete these apps right now
By using the Indicators of Compromise (IoC) provided in Dr. Web ReportCloudSEK was able to find even more Android apps infected with SpinOk malware according to BleepingTeam. When CloudSEK launched its own report in this regard, almost half (43) of these bad apps were still available to download from the Play Store.
Below you will find a list of the most popular Android apps that contain SpinOK malware along with their developers. however you can find the full list here in the appendix section of the CloudSEK report.
- macaroni party (XM Studio) – 1 million downloads
- Macaroni boom (XM Studio) – 1 million downloads
- jelly connect (Bling Game) – 1 million downloads
- master mason (Zhinuo Technology) – 1 million downloads
- crazy magic ball (XM Studio) – 1 million downloads
- happy 2048 (Zhinuo Technology) – 1 million downloads
- Mega Win Slots (Jia22) – 500,000 downloads
As with previous Android apps infected with the SpinOk malware, its developers most likely used the malicious SDK as an ad library without knowing that it was actually malicious.
If you have one of these apps or even multiple ones installed on your Android smartphone, it is highly recommended that you remove them immediately. Its developers are likely working to remove the malicious SDK, but it’s not worth taking the risk of leaving them in one of the best android phones at the moment. These apps are probably fine to reinstall later, once the SpinOK module has been removed.
How to stay safe from malware and malicious Android apps
Even the best android apps can become malicious overnight thanks to SpinOk malware and others supply chain attacks. For this reason, it’s a good idea to limit the number of apps you have installed on your Android smartphone and to think twice before adding new ones.
When you want to install a new app, you should check its rating and read reviews carefully while being aware of the fact that both ratings and reviews can be faked. That’s why you also want to look for external reviews and, if possible, video reviews that show an app in action.
Similarly, you should also be careful when installing apps that ask for unnecessary permissions. For example, that photo editing tier or app probably doesn’t need to be able to access your contacts and call history to work.
For additional protection against mobile malware and malicious apps, you should consider installing one of the best antivirus apps for android on your phone. If you are on a tight budget, don’t worry as Google Play Protection (which is free and comes pre-installed on most Android phones) can also scan both your existing apps and any new ones you download for malware.
Now that even more apps have been found to contain the SpinOk malware, it is likely that we will receive an official response from Google soon. However, in the meantime, you should remove any of the apps in question if you have them installed on your Android phone or tablet.
