Android apps with 30 million downloads contain SpinOk Android malware — delete these now

Green skull on smartphone screen.
(Image credit: Shutterstock)

Following the discovery that over a hundred Android apps with 400 million combined downloads actually contained the SpinOk malware, security researchers have now found that an additional 92 apps are also affected.

For those unaware, SpinOk is a spyware module that was being distributed as a software development kit (SDK) for advertisers. First discovered by the antivirus maker Dr. Web, developers unknowingly added it to their apps as a way to insert minigames that provide their users with minigames and “daily rewards” in order to hold their attention.

Unfortunately though, SpinOk is actually a new malware strain that can perform a number of malicious activities in the background, including listing files in directories, searching for particular files, uploading files from an infected smartphone or copying and replacing content from a device’s clipboard. The module’s file exfiltration functionality can be abused to expose private images, videos and documents while the clipboard modification functionality could be used by hackers to steal passwords and credit card data from an infected smartphone.

Although Dr. Web found 101 apps that contain the SpinOk malware, the cybersecurity firm CloudSEK has now discovered an additional 92 infected apps which have been downloaded 30 million times. Also, to make matters worse, 43 of which were still available from the Play Store at the time of writing but Google is likely already working on removing them.

Delete these apps right now

By using the indicators of compromise (IoCs) provided in Dr. Web’s report, CloudSEK was able to find even more Android apps infected with the SpinOk malware according to BleepingComputer. When CloudSEK released its own report on the matter, almost half (43) of these bad apps were still available to download from the Play Store.

Below you’ll find a list of the most popular Android apps which contain the SpinOK malware along with their developers. However, you can find the full list here in the appendix section of CloudSEK’s report.

  • Macaron Match (XM Studio) – 1 million downloads
  • Macaron Boom (XM Studio) – 1 million downloads
  • Jelly Connect (Bling Game) – 1 million downloads
  • Tiler Master (Zhinuo Technology) – 1 million downloads
  • Crazy Magic Ball (XM Studio) – 1 million downloads
  • Happy 2048 (Zhinuo Technology) – 1 million downloads
  • Mega Win Slots (Jia22) – 500,000 downloads

Just like with the previous Android apps infected with the SpinOk malware, it’s very likely that their developers used the malicious SDK as an advertising library while being completely unaware that it was actually malicious.

If you have one of these apps or even several installed on your Android smartphone, it’s highly recommended that you delete them immediately. Their developers are likely working to remove the malicious SDK but it isn’t worth the risk of leaving them on one of the best Android phones at the moment. These apps will likely be fine to reinstall later, once the SpinOK module has been removed.

In a statement to Tom's Guide, a Google spokesperson provided further details on SpinOk, saying: 

“The safety of users and developers is at the core of Google Play. We have reviewed recent reports on SpinOK SDK and are taking appropriate action on apps that violate our policies. Users are also protected by Google Play Protect, which warns users of apps known to exhibit malicious behavior on Android devices with Google Play Services, even when those apps come from other sources.” 

How to stay safe from Android malware and malicious apps

Android malware on phone

(Image credit: Shutterstock)

Even the best Android apps can turn malicious overnight thanks to the SpinOk malware and other supply-chain attacks. For this reason, it’s a good idea to limit the number of apps you have installed on your Android smartphone and think twice before adding any new apps.

When you do want to install a new app, you should check its rating and read any reviews carefully while also being aware of the fact that both ratings and reviews can be faked. This is why you also want to look for external reviews and if possible, video reviews that show an app in action.

Likewise, you also want to be careful when installing apps that request unnecessary permissions. For instance, that level or photo-editing app doesn’t likely need to be able to access your contacts and call history to work.

For additional protection from mobile malware and malicious apps, you should consider installing one of the best Android antivirus apps on your phone. If you’re on a tight budget, don’t worry as Google Play Protect (which is free and comes pre-installed on most Android phones) can also scan both your existing apps as well as any new ones you download for malware.

Now that even more apps have been found to contain the SpinOk malware, we’ll likely get an official response from Google soon. In the meantime though, you should delete any of the apps in question if you happen to have them installed on your Android phone or tablet.

More from Tom's Guide

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
One phone with skull and crossbones on screen among several other clean-looking phones.
Malicious iPhone apps are spreading screenshot-reading malware on the Apple App Store — how to stay safe
Google Play logo on an android smartphone with corner hole punch camera
At least 5 North Korean spy apps have been found on Google Play — what you need to know
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
An image of a Google Android robot
Google blocked over 2.5 million suspicious Android apps from the Play Store last year
and image of the Google Chrome logo on a laptop
Popular Chrome extensions hijacked by hackers in widespread cyberattack — 3.2 million at risk
Latest in Malware & Adware
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
An FBI agent typing on a computer
FBI issues warning to millions of Americans to avoid these websites that can steal your passwords and banking info
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Latest in News
Nintendo Switch 2
Nintendo Switch 2 rumored specs — here’s what we know so far
iPhone 17 Pro render
iPhone 17 Pro — 7 biggest rumored upgrades
CAD renderings of the Google Pixel 10 Pro XL
Pixel 10 leak could be good news for all Android phones
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
Lewis Hamilton of Great Britain and Scuderia Ferrari looks on during Sprint Qualifying ahead of the F1 Grand Prix of China at Shanghai International Circuit in Shanghai, China, on March 21, 2025. (Photo by Song Haiyuan/Paddocker/NurPhoto via Getty Images)
How to watch Chinese Grand Prix 2025 online – stream F1 without cable, qualifying highlights
NYTimes Connections
NYT Connections today hints and answers — Saturday, March 22 (#650)