Security researchers have found 101 Android apps with more than 400 million downloads that are infected with a spyware module called SpinOK.
The said apps are being distributed as a software development kit (SDK) for advertisers. According to the researchers at Dr. Web, they’ve considered it spyware because they can steal private data stored on an Android device and send it to a remote server.
It is said that SpinOk was added by developers to their apps as they appear legitimate at first look and utilize minigames with daily rewards to keep them interesting to unsuspecting victims.
Related
- How to get rid of malware from your Android smartphone
- How to locate lost Android phone using Google Find My Device
SpinOk performs different malicious activities in the background while checking a device’s sensor data (which includes the magnetometer and gyroscope) to figure out whether it’s running on an actual phone or not.
Some of the apps have a download count of as high as 100 million. Here’s a full list of the affected apps. Below are the top 10 with the most downloads, so if you have them on your phone, it’s best to delete them now.
- Zapya – File Transfer, Share – 100M downloads
- Noizz: video editor with music – 100M downloads
- MVBit – MV video status maker – 50M downloads
- vFly: video editor&video maker – 50M downloads
- Biugo – video maker&video editor – 50M downloads
- Cashzine – Earn money reward – 10M downloads
- Crazy Drop – 10M downloads
- Fizzo Novel – Reading Offline – 10M downloads
- Tick: watch to earn – 5M downloads
- CashEM: Get Rewards – 5M downloads
While most of the affected apps are already gone from the Google Play Store, there are still some that are out there for some reason. Also, some of it might have been already installed on your phone.
The report also states that the spyware has already been removed on some of these apps after a new update. Still, it’s best to remove them entirely.