SpinOk malware has been found in multiple Android apps that have been downloaded more than 30 million times.
The malware-riddled apps were found on the Google Play store, following an investigation by cyber security company CloudSEK. Following their investigation, the research team found that 193 apps on the Google Play store were infected with malware, 43 of which were active within the last week.
SpinOk malware was first discovered by cyber security software company Dr Web in May 2023. Distributed as an advertisement software development kit (SDK), the Trojan malware actually acts as spyware. Dr Web found in May that the malware was present in apps that had been downloaded more than 421 million times.
SpinOk malware is particularly malicious as it poses as a legitimate SDK for minigames with daily rewards. This entices both developers to download and use the kit on their apps and victims to download and run the malware frequently.
Once on a device, SpinOk malware is able to steal private data including images, files and videos on the device and send it to a private server. It can also hijack payments to cryptocurrency wallets and steal payment card details and login credentials. This can have a devastating impact on victims, as hackers may have access to personal or private images, documents and may steal their identities or money.
SpinOk malware was able to infect so many apps as it was distributed via a SDK-based supply chain attack. Software developers likely downloaded the SDK without knowing about the Trojan malicious software held within it.
The Google Play store has said it is taking “appropriate action on apps that violate [its] policies”.