Many smartphone users download apps without thinking about malicious software. It's hiding in Android apps more often than you think.
Munich – Whether for photo editing, gaming or the latest news: apps are downloaded millions of times a day from app stores. More often than most people think, however, malware is hiding behind it.
Malware in apps – already over 400 million downloads
As the website Dr.Web revealed, there is an Android software module that contains so-called spyware. This is malicious software that infects the smartphone and shares information, personal data, as well as the activity of smartphone users with third parties. As a result, targeted personalized advertising is placed or even attempts are made to change configurations of the smartphone. As Dr. Web writes, the malware is called "Android.Spy.SpinOk" and is disguised as a "Software Development Kit" (SDK).
Many Android apps in the Google Play Store contain malware. © Panthermedia/Imago (symbolic image)
The common thing is that developers can simply insert the spying software into their apps and games without smartphone users noticing. From the outside, it is not apparent in the Google Play Store that such malware is contained in an app. If an infected app is used, pop-ups appear more frequently, suggesting to users a mini-game where prizes can be won and rewards can be obtained. In fact, a lot of technical information about one's own device is sent to third parties during use.
These apps are infected with the malware
If the app with integrated Android.Spy.SpinOk has access to confidential information or files, they are no longer safe from others. The Trojan module and other offshoots have been found in many apps that can be downloaded from Google Play. Some of them have already been deleted, and in other apps the malware has only been included in certain versions. In many apps, the malicious SDKs are still integrated today.
In these apps, Dr. Web found the Trojan SDK:
- Noizz: at least 100,000,000 installations
- Zapya: at least 100,000,000 installations – no longer available in the current version
- VFly: at least 50,000,000 installations
- MVBit: at least 50,000,000 installations
- Biugo: at least 50,000,000 installations
- Crazy Drop: at least 10,000,000 installs
- Cashzine: at least 10,000,000 installations
- Fizzo Novel: at least 10,000,000 installations
- CashEM: at least 5,000,000 installations
- Tick: at least 5,000,000 installations
The analysts at Dr. Web found the malware in a total of 101 apps. These recorded a total of over 420 million downloads. Many Android users are therefore mostly at the mercy of this malware without protection. Antivirus apps can be used to render this malware harmless – these are also available for download in the Google Play Store. In addition to malware, there are also more and more apps that literally eavesdrop on smartphone users. One IT expert even said that "the smartphone is like a bug in your pocket."