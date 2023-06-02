- Advertisement -

A was found new malware on play store: this time it was Dr.Web researchers who sounded the alarm about SpinOk, essentially a spyware capable of collecting information about files on a device and possibly stealing them. The software also has the ability to identify the contents of the clipboard, upload them to a remote server and possibly modify or replace them, and to read the data detected by the various sensors on board.

Apparently the virus has infected a significant amount of even quite popular apps, as overall they have collected at least 421 million downloads (and it is an optimistic estimate that is based on the statistics of the Play Store itself). In total, the infected apps are 101; among the most popular are Noizz (at least 100 million downloads), Zapya (ditto), VFly (at least 50 million downloads), MVBit (ditto) and Biugo (ditto). If you are interested, the complete list is available on GitHub.

As happens more and more often, the malware was spread via an SDK, in this specific case relating to marketing. It seems like a simple system to keep the user interested in the app or game he is installed in through minigames, small contests, daily activities, challenges and so on, but it has emerged that he is potentially able to connect to a remote server and start to send a large amount of personal data without the user’s knowledge.

Dr. Web says it notified Google about the threat, e Google seems to have wasted no time: at the moment, a random check indicates that few apps are available for download (Zapya, for example, has already removed the malware with the latest version 6.4.1, and therefore is available). Given how Play Protect works, it’s very likely that any instances of the apps were remotely deleted. It is very likely that the developers of the apps involved were unaware that they had implemented a fraudulent piece of software. Let’s imagine that, once cleaned up, the apps will be able to go back online.