Security researchers have discovered an Android Software module with spyware functionality. The spyware module dubbed SpinOk demonstrates a seemingly legitimate software behaviour. It states that it is designed to maintain users’ interest in the app through the use of mini games, a system or tasks with alleged prizes and reward drawing. However this Android module is a trojan SDK which checks the Android device’s sensor data to confirm that it is not running in a sandboxed environment. It then connects to a remote server to download a list of URLs to display the expected mini games. While the games are being played, the trojan SDK is running additional malicious functionality in the background. This includes listing files in directories, searching for particular files, uploading files from the device or copying and replacing clipboard contents. Security researchers found this malicious SDK used in 101 apps which had a cumulative download of over 421 million times. Google has received the reports of the malicious SDK and has since removed the offending apps until the developers submit a clean version.
https://www.bleepingcomputer.com/news/security/android-apps-with-spyware-installed-421-million-times-from-google-play/
https://news.drweb.com/show/?i=14705&lng=en
This segment was created for the It’s 5:05 podcast