The SpinOk malware was found in a new batch of Android apps on Google Play, reportedly installed an additional 30 million times.
The finding comes from CloudSEK’s security team, who report finding a set of 193 apps carrying the malicious SDK, 43 of which were active on Google Play at the time of their discovery last week.
SpinOk on Google Play
SpinOk was first discovered by Dr. Web late last month in a set of a hundred apps that had been collectively downloaded over 421 million times.
As the mobile security company explained in its report, SpinOk was distributed via an SDK supply chain attack that infected many apps and, by extension, breached many Android users.
On the surface, the SDK served mini-games with daily rewards legitimately used by developers to pique the interest of their users. However, in the background, the trojan could be used to steal files and replace clipboard contents.
Smart rings on fingers, smart bracelets on ankles, and smart lanyards around necks — far beyond the Apple Watch and AirPods,...