SpinOk Trojan Compromises 421 Million Android Devices

Cyber Security Threat Summary:
Security researchers have detected a novel Android Trojan with the potential to compromise a staggering 421 million devices. In an advisory published on Monday, the Doctor Web team disclosed details of the Trojan, designated Android[.]Spy.SpinOk. Android[.]Spy.SpinOk carries numerous spyware capabilities, such as gathering files and capturing clipboard contents. It spreads by being concealed as a module inside other applications, which is how it reached such a large number of devices.


The SpinOk module presents itself to users as an enticing package, offering features such as mini-games, tasks, and chances to win prizes. Once activated, however, the Trojan SDK establishes a connection to a command and control (C2) server and transmits extensive technical information about the infected device. Bud Broomhead, CEO of Viakoo, stated, "The threat actors have delved deep into a specific segment of Android games, particularly those that generate income for players. It's likely that they have targeted this segment with a purpose, such as monitoring fund transfers to bank accounts or exploiting specific files possessed by players." The transmitted data includes readings from sensors such as the gyroscope and magnetometer, which lets the module recognise emulator environments and adjust its behaviour to evade analysis by security researchers. The malware can also ignore the device's proxy settings, effectively hiding its network connections from an intercepting proxy during analysis. In return, it receives a list of URLs from the server, which it loads in WebView to display advertising banners.
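Because the module can bypass the device proxy, an intercepting proxy alone understates what an app talks to during dynamic analysis. The following added example (not code from the advisory or from Doctor Web) reconciles two constructed views of one analysis session: the device-side connection table and the proxy's own log. Connections whose remote endpoint is not the proxy are reported as having bypassed it; all package names, hosts and addresses are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample data (not real SpinOk infrastructure).
# Device-side connection table, e.g. `ss -tnp` output attributed per app:
#   <app> <local ip:port> -> <remote ip:port>
DEVICE_CONNS = """\
com.example.game 10.0.2.15:40112 -> 10.0.2.2:8080
com.example.game 10.0.2.15:40113 -> 10.0.2.2:8080
com.example.game 10.0.2.15:40114 -> 203.0.113.10:443
com.example.notes 10.0.2.15:40115 -> 10.0.2.2:8080
"""
# What the intercepting proxy at 10.0.2.2:8080 logged for the same session.
PROXY_LOG = """\
com.example.game CONNECT api.example-ads.test:443
com.example.game CONNECT cdn.example-ads.test:443
com.example.notes CONNECT sync.example.test:443
"""

CONN_RE = re.compile(r"^(\S+) \S+ -> (\S+):(\d+)$")
PROXY_RE = re.compile(r"^(\S+) CONNECT (\S+):(\d+)$")


def parse_lines(text, pattern):
    """Return (app, endpoint, port) tuples for every line matching pattern."""
    rows = []
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(2), int(m.group(3))))
    return rows


def find_bypass(device_conns, proxy_addr):
    """Connections whose remote endpoint is not the proxy did not pass through it."""
    bypass = defaultdict(set)
    for app, ip, port in device_conns:
        if (ip, port) != proxy_addr:
            bypass[app].add((ip, port))
    return dict(bypass)


def coverage_report(device_text, proxy_text, proxy_addr):
    """Per app: destinations the proxy saw versus direct connections it missed."""
    direct = find_bypass(parse_lines(device_text, CONN_RE), proxy_addr)
    proxied = defaultdict(set)
    for app, host, port in parse_lines(proxy_text, PROXY_RE):
        proxied[app].add((host, port))
    return {app: {"proxied": sorted(proxied.get(app, ())),
                  "direct": sorted(direct.get(app, ()))}
            for app in set(direct) | set(proxied)}
```

Any app with a non-empty "direct" list contacted a destination the proxy never saw, so its network behaviour must be judged from a packet capture rather than from the proxy log alone.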


Security Officer Comments:
The presence of the Trojan module and its various versions in multiple apps on Google Play was identified by the experts at Doctor Web. Some apps still contain the malicious software development kit (SDK), others carried it only in specific versions, and a few have been removed from the platform entirely. Krishna Vishnubhotla, Vice President of Product Strategy at Zimperium, explained, "SDKs are often like black boxes for mobile app developers. They are integrated to perform specific known tasks, whether they are free or paid. However, very few people actually check what else an SDK is capable of, especially when it operates within an app on a user's device. Malicious actors also make it challenging by ensuring that suspicious activity code is downloaded only under specific conditions on the device to avoid detection." According to Doctor Web's analysis, the Trojan was found in 101 apps with a combined total of 421,290,300 downloads. The company promptly notified Google of the threat.


Suggested Correction(s):
Keep your software updated. Only 20 percent of Android devices are running the newest version and only 2.3 percent are on the latest release. Everything from your operating system to your social network apps is a potential gateway for attackers to compromise your mobile device. Keeping software up to date provides the best protection against most mobile security threats.


Choose mobile security. Just like computers, your mobile devices also need internet security. Make sure to select mobile security software from a trusted provider and keep it up to date.


Install a firewall. Most mobile phones do not come with any kind of firewall protection. Installing a firewall provides you with much stronger protection against digital threats and allows you to safeguard your online privacy.


Always use a passcode on your phone. Remember that loss or physical theft of your mobile device can also compromise your information.


Download apps from official app stores. Both the Google Play and Apple App stores vet the apps they sell; third-party app stores don't always. Buying from well-known app stores may not ensure you never get a bad app, but it can help reduce your risk.


Always read the end-user agreement. Before installing an app, read the fine print. Grayware purveyors rely on your not reading their terms of service and allowing their malicious software onto your device.


Link(s):
https://www.infosecurity-magazine.com/news/spinok-trojan-compromises-421m/
https://news.drweb.com/show/?i=14705&lng=en