Malicious app (Photo: ShutterStock)
A study by security company Dr. Web (a silly name, we know) found over 421 apps, which together were downloaded <> million times, infected with a new strain of malware. The malware is SpinOK, and it also contains spyware. It is mainly used as a development tool for online marketing, and has tried to capture users' attention with mini-games, a set of tasks, and alleged rewards. Research team at Dr. WEB found that the malware is capable of stealing information from devices, including personal information and files, in fact any information accessed by the apps in which it is located. The malware can also evade security expert scrutiny by detecting a simulation environment that isn't a real device. The information SpinOk steals from the device is sent to the operator's and attacker's servers.
In the list of apps infected with SpinOK, we did not identify an app that is popular among Israelis, but due to the huge number of downloads, it can be assumed that users from Israel may also be in danger. The full list of apps can be found here.
Partial list:
- Bank Bingo Slot
- Bingo-J
- Jelly Connect
- Mega Win Slots
- Play Tube
- Lucky Clover Bingo
- Jackpot King - Coin Pusher
- Owl Pop Mania
- Daily Step
- Get Rich Scanner
- Star Quiz
- Lucky Jackpot Pusher
- Pic Pro - AI Photo Enhancer
- PlayBox: Rewarded Play
- Bubble Connect - puzzle match
- VibeTik
- WOW Domino
- Match Fun 3D
- Fizzo Novel - Reading Offline
- Piggy Rush Slot
Over 421 apps, which together have been downloaded <> million times, have been infected with a new strain of malware (Photo: Walla! Technology, Yinon Ben Shoshan)
Among the apps you can identify apps such as Solitaire Game or apps that promise users to earn money easily. Please note, that these are traps. Notable include a video editor called Biugo (50 million downloads), Crazy Drop (ten million downloads), Noizz Video Editor (100 million downloads), and a file transfer program called Zapya. Most apps have been removed from the Google Download Store or updated to be clean, but caution is recommended.
Tom Malka, head of cyber research at Rakia Group, told Walla that this is a large-scale campaign that exposes masses of users to the possibility of espionage by the developers of the malicious SDK. "It is important to note that there is an evasion mechanism that exists in the SDK, reminiscent of malware that knows how to detect test environments and not operate, in order to prevent researchers from exporting IOCs and make analysis difficult," Malka explains. "The malware allows attackers to perform actions such as obtain the list of files on the victim's phone, retrieve files from the infected device, and copy and modify the contents of the copy clipboard."
Malka also explains what to do if you've been infected: "If there is a concern that one or more of the apps listed on this list have been installed, delete the app (for strict ones, resetting factory settings after a backup is a correct and smart option), scan your device with an antivirus (it's important to note that the malware has been signed and therefore updated antiviruses will be able to detect them) - and in general, I would recommend not installing apps from an unknown source." concludes the cyber expert.
- technology
- Privacy & Security
Tags
- android
- Malware
