Millions of Android users can be spied on: More than 421 million people downloaded infected programs

May 30, 2023  12:13

Information security company Doctor Web has discovered a malicious software module for Android that can spy on users and transfer their files and data to cybercriminals. The module named SpinOk is found in various applications that have been downloaded more than 421 million times.

The SpinOk module is said to be embedded by developers in various Android games and apps available, including on Google Play. It is distributed under the name of Marketing SDK which offers users mini-games, task system and prize draws.

At the same time, it connects to the C&C server and sends it technical data about the infected device, including sensor data. This allows the module to hide its activity from information security professionals.

In addition, the module extends the JavaScript code in the ad web pages that it loads in the WebView. Such code can get a list of files in specified file directories, check for the existence of a given file or directory on a device, get files, see and modify the contents of buffer files on devices. This allows attackers to gain access to private, confidential data and files on a user's device.

Doctor Web specialists have discovered this Trojan module, and several versions of it are distributed in 101 apps via Google Play.

"Thus, hundreds of millions of Android device owners are at risk of becoming victims of cyber espionage. Doctor Web informed Google about the detected threat," the website of the information security company says.


 
 
 
 
  • Archive