Google Play Does it Again – SpinOK Spyware to Millions of Users

Android users have countless sources to download their content from. However, only one can be described as trusted – Google Play Store. Unfortunately, the Android app library has seen better days, as it’s been compromised several times in the past few months. And once again, Google Play Store is hosting a new Android malware distributed as an advertisement SDK – SpinOK.

The Android app store has had its fair share of malware infiltrations in the past, but this time, it’s big. The incident involves infected applications that are collectively downloaded over 400 million times.

With the ability to steal private data stored on users’ devices, this particular trojan is quite dangerous. So, what is SpinOK? What applications are spreading the malware? Find out in the following article.

Another Infiltration – SpinOK on Google Play

In the world of operating systems, we know that Android is not considered to be very secure. That’s mainly due to the fact that users can download anything from any source they stumble upon.

Any file a user downloads can host malicious software, which can lead to drastic consequences. Unfortunately, even Android’s only trusted source is slipping up every once in a while.

Google Play Store’s security measures are excellent, but threat actors have also been elevating their techniques over time.

A while back, infected applications garnered more than 20 million downloads on Google Play Store. Another incident saw apps with 7 million installs spreading adware among Android users.

Some campaigns can be easily contained. However, when these apps grow in popularity, things can get out of hand.

In the recent incident, the malware (an advertisement SDK) was found within multiple apps with a combined total of over 400 million downloads.

The antivirus company, Dr. Web, tracked the malware as SpinOK and stated that it’s using minigames that lead to “daily rewards” to spark user interest.

SpinOK Games

With a promise of daily rewards, the malware plays on users’ emotions to lure them in. Yeah, the apps might look harmless, but trust us, they’re not.

Mini Games, Huge Threat

When the users launch the apps, everything is presented as promised. The minigames are there on the screen, but the malicious activity is happening in the background.

This malware comes with so many capabilities, and none of them should be taken lightly. SpinOK’s malicious activity includes:

  • Listing files in directories
  • Searching for particular files
  • Uploading files from the device
  • Copying and replacing clipboard contents.

With the ability to exfiltrate files, users’ privacy is largely at risk as this can expose private images, videos, and documents.

Also, whoever’s behind this SDK can easily harvest account passwords and credit card data. Not to mention that the victims’ crypto wallets are up for grabs as well.

Malicious Apps on Google Play – Uninstall Now

If you’re one of the users who downloaded the apps, you should uninstall them immediately. To give our readers a better idea, here are the applications in question:

  • Noizz: video editor with music (at least 100,000,000 installations),
  • Zapya – File Transfer, Share (at least 100,000,000 installations; the trojan module was present in version 6.3.3 to version 6.4 and is no longer present in current version 6.4.1),
  • VFly: video editor&video maker (at least 50,000,000 installations),
  • MVBit – MV video status maker (at least 50,000,000 installations),
  • Biugo – video maker&video editor (at least 50,000,000 installations),
  • Crazy Drop (at least 10,000,000 installations),
  • Cashzine – Earn money reward (at least 10,000,000 installations),
  • Fizzo Novel – Reading Offline (at least 10,000,000 installations),
  • CashEM: Get Rewards (at least 5,000,000 installations),
  • Tick: watch to earn (at least 5,000,000 installations).

Google received reports about the malicious SDK and removed all of the applications mentioned above. Some of them received immediate clean updates, while others are still pending.

Jonathan Beesly

Jonathan is the main author at He regularly publishes posts that aim to introduce better cyber-security practices to the masses.
