Over 400 million infected with Android spyware — delete these apps right now

One phone with skull and crossbones on screen among several other clean-looking phones.
(Image credit: Marcos_Silva/Shutterstock)

Update: An additional 92 Android apps infected with the SpinOk malware have been discovered by the cybersecurity firm CloudSEK. As this malware can be used to spy on you and steal your data, you're going to want to delete all of these apps now if you happen to have any of them installed on your Android smartphone.

Over 100 Android apps with more than 400 million downloads combined have been infected with a new malware strain that’s being distributed as a software development kit (SDK) for advertisers.

As reported by BleepingComputer, the discovery was made by security researchers at Dr. Web who found a spyware module inside the affected apps that they’ve dubbed ‘SpinOk’. 

The reason this new Android malware is being referred to as spyware is due to the fact that it can steal private data stored on the best Android phones and send it to a remote server controlled by the hackers behind this campaign.

App developers likely added the SpinOk module to their apps, as it appears to be legitimate at first glance and uses minigames to provide users with “daily rewards” with the aim of keeping them interested.

Unfortunately though, SpinOk performs a number of malicious activities in the background while checking an Android device’s sensor data (including its gyroscope and magnetometer) to determine whether or not it’s running on an actual phone.


Reader Offer: Save 68% on Aura identity theft protection

Reader Offer: Save 68% on Aura identity theft protection
Aura provides everything you need to protect your identity, data and devices online with malware protection, a password manager and a VPN all included. Tom's Guide readers can save up to 68% when they sign up.

Preferred partner (What does this mean?)

Delete these apps right now

According to Dr. Web’s report on the matter, the antivirus maker claims to have found 101 apps that were downloaded more than 421 million times from the Google Play Store. Below, you’ll find the affected apps with the most downloads and you can find the full list here:

  • Noizz: video editor with music - 100 million downloads
  • Zapya - File Transfer, Share - 100 million downloads
  • vFly: video editor&video maker - 50 million downloads
  • MVBit - MV video status maker - 50 million downloads
  • Biugo - video maker&video editor - 50 million downloads
  • Crazy Drop - 10 million downloads
  • Cashzine - Earn money reward - 10 million downloads
  • Fizzo Novel - Reading Offline - 10 million downloads
  • CashEM: Get Rewards - 5 million downloads
  • Tick: watch to earn - 5 million downloads

While most of the affected apps have been removed from the Play Store, not all of them have yet. If you have any of these apps installed on your Android smartphone, it’s recommended that you delete them immediately. However, the spyware has been removed in the latest versions of many of these apps, so you could update to the latest version instead of removing them entirely. Still though, it’s probably best you delete these apps for your own safety.

Trojanized SDK 

Once added to one of the affected apps, the trojanized SDK connects to a remote server in order to download a list of websites that are used to display minigames within them.

Although the minigames are displayed within the apps as expected, SpinOk is capable of performing a number of malicious activities in the background that include listing files in directories, searching for particular files, uploading files from an infected smartphone or copying and replacing content from your clipboard.

While the file exfiltration functionality could be used to expose private images, videos and documents, the clipboard modification functionality could allow SpinOk’s creators to steal passwords and credit card data as well as to hijack any payments made using cryptocurrency.

At the moment, it’s still unclear as to whether or not the publishers of these 100+ Android apps were tricked by the distributor of the trojanized SDK or included it in their apps on purpose. However, as BleepingComputer notes, these types of infections are often the result of supply-chain attacks from a third party.

In a statement to Tom's Guide, a Google spokesperson provided further details on what steps the search giant is taking to combat the risk posed by SpinOk, saying:

“The safety of users and developers is at the core of Google Play. We have reviewed recent reports on SpinOK SDK and are taking appropriate action on apps that violate our policies. Users are also protected by Google Play Protect, which warns users of apps known to exhibit malicious behavior on Android devices with Google Play Services, even when those apps come from other sources.” 

How to stay safe from bad apps

A hand holding a phone securely logging in

(Image credit: Google)

When it comes to staying safe from malicious apps, you need to be extremely careful when downloading new apps — even when they come from the Google Play Store. Bad apps manage to slip past Google’s own security checks from time to time which is why you should exercise your best judgment when putting any new app on your phone.

You want to look at an app’s rating on the Play Store and read reviews while being mindful of the fact that both ratings and reviews can be faked. This is why it’s also a good idea to look for external reviews and especially video reviews so that you can see an app in action before installing it.

At the same time, you also want to be careful when using apps that request unnecessary permissions. For instance, that level or photo-editing app doesn’t likely need to be able to access your contacts and call history to work.

For additional protection, you should consider installing one of the best Android antivirus apps on your phone. If you’re on a tight budget though, Google Play Protect comes pre-installed for free on all Android phones and can also scan both your existing apps and any new ones you download for malware.

We’ll likely hear more about SpinOk once Google and others conduct their own investigations into how this trojanized SDK managed to end up inside so many popular Android apps.

More from Tom's Guide

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Green skull on smartphone screen.
Hackers are using the Amazon Appstore to spread malware — delete this malicious app now
One phone with skull and crossbones on screen among several other clean-looking phones.
Malicious iPhone apps are spreading screenshot-reading malware on the Apple App Store — how to stay safe
Green skull on smartphone screen.
Only 3 of the top 150 Android apps can detect reverse engineering tool Frida — here's why that's bad
An image of a Google Android robot
Google blocked over 2.5 million suspicious Android apps from the Play Store last year
Green skull on smartphone screen.
Over 1 million Android devices infected with password-stealing, pre-installed botnet malware — how to stay safe
Green skull on smartphone screen.
This Android banking trojan steals passwords to take over your accounts — and all it takes is a single text message
Latest in Android Phones
Galaxy Z Fold 6 shown in hand
Samsung Galaxy Z Fold 6 just got these major upgrades with One UI 7
Pixel 9a vs Pixel 8a
Google Pixel 9a vs. Pixel 8a: Biggest changes to expect
Honor Magic V teaser image
Watch out, Galaxy Z Fold 7 — Honor Magic V4 leak just revealed a killer foldable
Google Maps
Google Maps just got a huge iPhone-inspired upgrade with Android 16 beta — here's how it works
Google Pixel 9a render
Google Pixel 9a leak just confirmed a major design change — here's the new look
android 16 lock screen widgets for android tablets
Google’s bringing lock screen widgets back to Android phones this summer — here's what we know
Latest in News
Nintendo Switch 2 promo image
Nintendo Switch 2 patent hints at a major improvement — and it could be the reason for the mysterious “C” button
Cruel Intentions on Prime Video
Amazon cancels 'Cruel Intentions' after one season on Prime Video
(L-R) Adeline Rudolph and Jack Kesy in "Hellboy: The Crooked Man" (2024).
Hulu top 10 movies — here's what you need to be watching right now
How to tour the Super Bowl stadium virtually with Google Maps
Google Maps glitch is purging Timeline data — what we know
The iPhone 17 Air next to an iPhone 16 Pro Max
iPhone 17 Air could be this thin — new photo vs iPhone 16 Pro Max
Galaxy Z Fold 6 shown in hand
Samsung Galaxy Z Fold 6 just got these major upgrades with One UI 7