Doctor Web company discovered A malware module for Android that can spy on users and transfer their files and data to attackers. A module called SpinOk was found in applications whose total circulation exceeded 421 million downloads.
It is noted that the SpinOk module is embedded by developers into various Android games and applications, including Google Play. It is distributed under the guise of a marketing SDK that offers users mini-games, a mission system, and prize draws. At the same time, it connects to the C&C server and sends technical data about the infected device, including sensor data, to the server. This allows the module to bypass emulator environments and hide its activity from information security experts.
Also, the module extends the JavaScript code on the promotional web pages it loads in WebView. This type of code can get a list of files in specified directories, check the existence of a particular file or directory on a device, retrieve files, see and change clipboard contents on devices. This allows attackers to access sensitive information and files on the user’s device.
Doctor Web experts detected this Trojan module and several of its modifications in 101 applications distributed through the Google Play catalog.
“Therefore, hundreds of millions of Android device owners are at risk of becoming victims of cyber espionage. Doctor Web reported the detected threat to Google” on the website of the information security company.
Formerly socialbites.ca saidThey discovered a ransomware sent via SMS for Android in Russia.