This Android malware was downloaded more than 420 million times

It’s never fun to hear about a new Android malware attack discovered on the Play Store. It’s even worse when that malware was downloaded by hundreds of millions of Android users. If you have any of the 101 affected apps on your smartphone, you’ll want to remove them as soon as possible, and maybe run an antivirus scan as well.

How the “SpinOK” malware module works

As reported by Bleeping Computer, cybersecurity company Doctor Web discovered a new Android spyware module on the Play Store. This module extracts data from files on your device and sends that information to bad actors, which is kind of antithetical to the privacy policy you want from apps on your smartphone.

The module is intended to be a marketing SDK, a framework that developers can use to add specific functionality to their apps. In this case, the SDK, which Doctor Web calls SpinOK, implements mini-games, tasks, and “rewards” in the apps to keep users engaged. While these actions occur on the surface, SpinOK sends information from your device, including data from its gyroscope and magnetometer, to remote servers. This is done in an effort to evade security researchers, who might be running Android in a sandboxed environment to look for malware.

SpinOK also bypasses your device’s proxy settings, allowing it to hide its network connections. It can then show you ads thanks to its connection to its remote server, which initiates scraping of your device data, including listing the files on your device, locating a specific file or directory, stealing a specific file, and even copying or replacing the contents of your clipboard.

SpinOK apps have been downloaded over 420 million times

Doctor Web’s research shows SpinOK has infected 101 apps on the Play Store, with more than 420 million collective downloads. That represents a huge security risk for Android users around the world. However, the top two apps on that list, Noizz and Zapya, account for nearly half of all those downloads. Doctor Web highlights those apps and eight of the other most downloaded apps, as these are the ones most likely to be on the average Android user’s smartphone:

  • Noizz – video editor with music (at least 100,000,000 downloads).
  • Zapya: file transfer, sharing (at least 100,000,000 downloads).
  • VFly – video editor and video creator (at least 50,000,000 downloads).
  • MVBit – MV Video Status Maker (at least 50,000,000 downloads).
  • Biugo – video maker and video editor (at least 50,000,000 downloads).
  • Crazy Drop (at least 10,000,000 downloads).
  • Cashzine – Win a money reward (at least 10,000,000 downloads).
  • Fizzo Novel – Offline reading (at least 10,000,000 downloads).
  • CashEM – get rewarded (at least 5,000,000 downloads).
  • Check: watch to win (at least 5,000,000 downloads).

How to protect your smartphone from SpinOK

Luckily for future Android users, it seems that Google has removed the vast majority of these apps from the Play Store. The only exception is Zapya, which as of version 6.4.1 no longer contains the malicious SpinOK module. As such, you can’t download the rest in the future, but that doesn’t help you if you’ve already installed some on your device.

That is why it is important to look through the official list and see if you have any such apps on your device. If so, delete them immediately. (If you have Zapya on your device, update it.) An app being removed from the Google Play Store doesn’t affect the copies you already have on your phone, so all you have to do is uninstall them yourself. To be sure, try running an Android antivirus app on your phone to remove any remaining traces of the malware.
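For anyone checking more than one phone, the same check can be scripted. The following is an added example, not from the original article or from Doctor Web: it audits a constructed inventory of installed packages against an affected-app list, flagging listed apps for removal and treating Zapya as clean only from version 6.4.1. The package ids and the CSV inventory format are assumptions, since the article gives app names only.

```python
import csv
import io

# Hypothetical package ids: the article names the apps but not their package ids,
# so take the real ones from Doctor Web's list. None = no clean version known.
AFFECTED = {
    "com.example.noizz": None,
    "com.example.zapya": "6.4.1",  # article: SpinOK is gone as of Zapya 6.4.1
    "com.example.vfly": None,
}

# Constructed inventory (device, package, version name), e.g. from an MDM export.
SAMPLE_INVENTORY = """device,package,version
pixel-01,com.example.zapya,6.3.9
pixel-01,com.example.mail,2.0
pixel-02,com.example.zapya,6.4.1
pixel-02,com.example.noizz,5.1.0
pixel-03,com.example.zapya,6.10.0
pixel-03,com.example.vfly,not-a-version
"""

def version_key(text):
    """Turn '6.4.1' into (6, 4, 1); return None if the string is not dotted numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit(inventory_csv, affected=AFFECTED):
    """Return (device, package, action) findings for every affected install."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        pkg = row["package"]
        if pkg not in affected:
            continue
        fixed = affected[pkg]
        if fixed is None:
            findings.append((row["device"], pkg, "uninstall"))
            continue
        installed = version_key(row["version"])
        # Unparseable versions are treated as affected rather than silently passed.
        if installed is None or installed < version_key(fixed):
            findings.append((row["device"], pkg, "update to >= " + fixed))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(*finding, sep="\t")
```

Versions are compared as integer tuples, so 6.10.0 correctly counts as newer than 6.4.1, which a plain string comparison would get wrong.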

Here are some of the top antivirus applications for Android devices, according to PC Mag: