Around 100 Android apps with more than 420 million downloads have been found infected with a malware on the Google Play store. The spyware module, designed as a mini-game, can steal private data stored on users' devices and send it to remote servers, malware analysts said. Impacted apps include Noizz, Zapya, Cashzine and CashEM, among others.
As per a report from Dr Web, dubbed Android.Spy.SpinOk, this spyware is distributed as a marketing software development kit (SDK). Developers can embed it into all sorts of apps and games, including those available on Google Play.
The report said, "On the surface, the SpinOk module is designed to maintain users’ interest in apps with the help of mini-games, a system of tasks, and alleged prizes and reward drawings. Upon initialisation, this trojan SDK connects to a C&C server by sending a request containing a large amount of technical information about the infected device. For the same purpose, it ignores device proxy settings, which allows it to hide network connections during analysis. In response, the module receives a list of URLs from the server, which it then opens in WebView to display advertising banners."
This gives hackers access to the phone's list of files, allows them to check if a certain file or directory is present on the device, and even allows them to copy or replace the contents of the clipboard. Experts from Doctor Web discovered this spyware module and numerous variations of it in a variety of apps available through Google Play.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.