New Delhi: While appearing to be a small game, an Android software module is actually spyware that gathers data on the files kept on mobile devices and has the ability to send it to online criminals. Additionally, malware researchers discovered that the spyware was included in 101 apps with more than 420 million downloads, according to a report by the antivirus company Dr. Web.



Known as Android.Spy.SpinOk, the spyware is disseminated through a marketing software development kit (SDK) that contains the SpinOk module. According to research from Dr. Web, developers can integrate it into a variety of apps and games, including those that are available on Google Play.


"On the surface, the SpinOk module is designed to maintain users' interest in apps with the help of mini-games, a system of tasks, and alleged prizes and reward drawings," the report stated.


This trojan SDK establishes a connection to a C&C server upon initialization by sending a request including a substantial amount of technical data about the infected device.


In order to avoid being found by security experts, the malware also takes precautions to modify its operational procedures.


"It can mask network connections while conducting analysis since it disregards device proxy settings for the same reason. The module responds by requesting a list of URLs from the server, which it then opens in WebView to show banner ads," according to the study.


This gives hackers access to the phone's list of files, allows them to check if a certain file or directory is present on the device, and even allows them to copy or replace the contents of the clipboard. Experts from Doctor Web discovered this spyware module and numerous variations of it in a variety of apps available through Google Play.


"Our malware researchers found it in 101 apps that have received a total of at least 421,290,300 downloads. As a result, hundreds of millions of people who use Android devices run the risk of falling prey to cyber espionage. Google was alerted to the threat by Doctor Web," the company said.