SpinOk
malware
has
been
found
in
multiple
Android
apps
that
have
been
downloaded
more
than
30
million
times.
The
malware-riddled
apps
were
found
on
the
Google
Play
store,
following
an
investigation
by
cyber
security
company
CloudSEK.
Following
their
investigation,
the
research
team
found
that
193
apps
on
the
Google
Play
store
were
infected
with
malware,
43
of
which
were
active
within
the
last
week.
SpinOk
malware
was
first
discovered
by
cyber
security
software
company
Dr
Web
in
May
2023.
Distributed
as
an
advertisement
software
development
kit
(SDK),
the
Trojan
malware
actually
acts
as
spyware.
Dr
Web
found
in
May
that
the
malware
was
present
in
apps
that
had
been
downloaded
more
than
421
million
times.
SpinOk
malware
is
particularly
malicious
as
it
poses
as
a
legitimate
SDK
for
minigames
with
daily
rewards.
This
entices
both
developers
to
download
and
use
the
kit
on
their
apps
and
victims
to
download
and
run
the
malware
frequently.
Once
on
a
device,
SpinOk
malware
is
able
to
steal
private
data
including
images,
files
and
videos
on
the
device
and
send
it
to
a
private
server.
It
can
also
hijack
payments
to
cryptocurrency
wallets
and
steal
payment
card
details
and
login
credentials.
This
can
have
a
devastating
impact
on
victims,
as
hackers
may
have
access
to
personal
or
private
images,
documents
and
may
steal
their
identities
or
money.
SpinOk
malware
was
able
to
infect
so
many
apps
as
it
was
distributed
via
a
SDK-based
supply
chain
attack.
Software
developers
likely
downloaded
the
SDK
without
knowing
about
the
Trojan
malicious
software
held
within
it.
The
Google
Play
store
has
said
it
is taking
“appropriate
action
on
apps
that
violate
[its]
policies”.
About Author
