Millions of Android users may be at risk of a cyberattack because of Android malware and multiple modifications of it on Google Play. In a recent blog post, Dr. Web reported on the trojan module “Android.Spy.SpinOk.” The module is distributed via a marketing software development kit (SDK) in 101 Google Play applications, with over 421,290,300 downloads.
How does the SDK work?
The module is designed to engage users through mini-games, tasks, prizes, and reward drawings. However, upon activation, the malicious SDK connects to a command-and-control (C&C) server and sends technical details about the affected device. These details include data from Android device sensors such as the gyroscope and magnetometer. Attackers can use this data to determine whether the malware is running in a sandbox environment of the kind security researchers often use to study potentially harmful Android apps. The trojan module also ignores device proxy settings, allowing it to conceal network connections when security teams analyze it.
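Ignoring the device proxy is itself observable: on a network or analysis lab where devices are configured to use a proxy, web traffic that leaves directly stands out in gateway logs. The check below is an added example, not code from Dr. Web or the original article; the log format, the internal address range and the proxy endpoint are assumptions, and the flow records are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: egress flow records as a gateway/firewall might log them.
# Assumed format: "timestamp src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
2023-06-01T10:00:01 10.0.5.21 10.0.0.8 3128
2023-06-01T10:00:02 10.0.5.21 203.0.113.50 443
2023-06-01T10:00:03 10.0.5.22 10.0.0.8 3128
2023-06-01T10:00:05 10.0.5.21 203.0.113.50 443
2023-06-01T10:00:09 10.0.5.23 10.0.0.53 53
2023-06-01T10:00:11 10.0.5.22 198.51.100.7 80
malformed line
"""

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed lab/corporate range
PROXY = (ipaddress.ip_address("10.0.0.8"), 3128)    # assumed proxy endpoint
WEB_PORTS = {80, 443}

def parse_flows(text):
    """Yield (src, dst, port) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2]), int(parts[3]))
        except ValueError:
            continue

def find_proxy_bypass(text):
    """Return {src_ip: {(dst_ip, port): count}} for direct web egress."""
    hits = defaultdict(lambda: defaultdict(int))
    for src, dst, port in parse_flows(text):
        if src not in INTERNAL_NET:
            continue  # only judge devices on the managed range
        if (dst, port) == PROXY or dst in INTERNAL_NET:
            continue  # went through the proxy, or never left the network
        if port in WEB_PORTS:
            hits[str(src)][(str(dst), port)] += 1
    return {s: dict(d) for s, d in hits.items()}

if __name__ == "__main__":
    for src, dests in find_proxy_bypass(SAMPLE_FLOWS).items():
        for (dst, port), n in dests.items():
            print(f"{src} -> {dst}:{port} direct, {n} flow(s), proxy not used")
```

A hit only shows that some app on the device bypassed the proxy; identifying which app still requires inspecting the device.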
What do the experts say?
Bud Broomhead, CEO at Viakoo, notes that the 421 million-plus downloads figure must accurately reflect how many devices are impacted. Wi-Fi usage may offer some protection, but multiple layers of network security are necessary to reduce significant data exfiltration incidents.
How to protect your device from the SDK?
To protect your device, updating infected apps to the latest version available on Google Play is important. This will ensure that the app is clean and safe to use. If the app is unavailable on the Google Play Store, it is best to uninstall it immediately. After uninstalling, scan your device with a mobile antivirus to ensure that all traces of spyware have been removed.