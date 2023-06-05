A recently discovered trojan SDK has raised concerns for Android users as it expands the capabilities of malicious code found in web pages containing ads. This module allows unauthorized access to sensitive information and files on Android devices. Security researchers at DrWeb uncovered this threat, identifying it in several apps available on Google Play. Surprisingly, these apps have cumulative downloads of over 421 million. Many Android users are potentially at risk of falling victim to cyber-attacks due to this new trojan.

Capabilities of the Trojan

The trojan SDK, named Android.Spy.SpinOk, adds various features to JavaScript code present on webpages. This enables it to retrieve lists of files in specific directories, verify the existence of certain files or directories on the device, extract files from the device, and manipulate the contents of the clipboard. These capabilities grant the trojan operators unauthorized access to confidential user data and files.

Malicious Apps on Google Play:

Doctor Web's malware analysts have found the Android.Spy.SpinOk trojan SDK in multiple apps distributed through Google Play. While some apps still contain the malicious SDK, others had it in specific versions or have been completely removed from the catalog. This discovery highlights the potential risk faced by Android device owners. Doctor Web promptly notified Google about this threat to take necessary actions.

Popular Apps Carrying the Trojan SDK

Among the apps identified as carriers of the Android.Spy.SpinOk trojan SDK, the following 10 programs have gained significant installations:

Noizz: video editor with music (100,000,000+ installations)

Zapya - File Transfer, Share (100,000,000+ installations; trojan module present in versions 6.3.3 to 6.4)

VFly: video editor&video maker (50,000,000+ installations)

MVBit - MV video status maker (50,000,000+ installations)

Biugo - video maker&video editor (50,000,000+ installations)

Crazy Drop (10,000,000+ installations)

Cashzine - Earn money reward (10,000,000+ installations)

Fizzo Novel - Reading Offline (10,000,000+ installations)

CashEM: Get Rewards (5,000,000+ installations)

Tick: watch to earn (5,000,000+ installations)



Response and Protection

Dr.Web's anti-virus for Android effectively detects and neutralizes all known versions of the Android.Spy.SpinOk trojan module and apps that contain it. This provides assurance to users protected by the anti-virus software, eliminating the threat posed by this malicious app. Users are advised to maintain reliable security measures, including up-to-date anti-virus software, to safeguard their devices against potential threats.

The discovery of the trojan SDK in popular apps emphasizes the need for caution among Android users. Doctor Web's efforts to identify and notify Google about this security risk underscore the importance of taking timely action to protect users' sensitive information. Android users are urged to remain vigilant when downloading and updating apps, ensuring the presence of up-to-date security software to mitigate potential threats and maintain the security of their devices.