Update: An additional 92 Android apps infected with the SpinOk malware have been discovered by cybersecurity firm CloudSEK. If you have any of these apps installed on your Android smartphone, we recommend that you remove them all now, as this malware can be used for spying and data theft.

More than 100 Android apps, with more than 400 million downloads combined, are infected with the new malware, which is distributed as a software development kit (SDK) for advertisers.

As reported by BleepingComputer, the discovery was made by security researchers at Dr. Web, who found a spyware module dubbed "SpinOk" in the infected apps. [The reason this new Android malware is called spyware is due to the fact that it can steal and send private data stored on the best Android phones to a remote server controlled by the hackers behind this campaign

The app is developed by the hackers who are behind the campaign.

App developers likely added the SpinOk module to their apps because it is seemingly legitimate and aims to keep users interested by offering them "daily rewards" through the use of mini-games.

Unfortunately, however, SpinOk performs a number of malicious activities in the background, checking the Android device's sensor data (including gyroscope and magnetometer sensors) to determine if it is running on the actual phone.

According to a Dr. Web report on the matter, the antivirus maker found 101 apps that were downloaded more than 421 million times from the Google Play store. The most downloaded affected apps are listed below:

Most of the affected apps have been removed from the Play Store, but not all yet; if you have any of these apps installed on your Android smartphone, we recommend removing them immediately! If you have any of these apps installed on your Android smartphone, we recommend that you remove them immediately. However, many of these apps have spyware removed in their latest versions, so you can update to the latest version instead of removing them entirely. Still, it would be best to remove these apps for your own safety.

Once added to one of the affected apps, the Trojanized SDK connects to a remote server to download a list of websites used to display mini-games within that app.

While the mini-game is displayed within the app as expected, SpinOk can perform a number of malicious activities in the background.

The file leaking feature could be used to expose private images, videos, and documents, while the clipboard modification feature could allow SpinOk's creator to steal passwords and credit card data, as well as any potentially enabling them to hijack payments.

At this time, it is still unclear whether the publishers of these 100+ Android apps were duped by the distributors of the Trojanized SDK or whether they intentionally incorporated it into their apps. However, as BleepingComputer points out, this type of infection is often the result of supply chain attacks from third parties.

In a statement to Tom's Guide, a Google spokesperson provided further details on what steps the search giant is taking to combat the risks posed by SpinOk, saying:

"User and developer safety is the core of Google Play. We have reviewed recent reports about the SpinOK SDK and are taking appropriate action against apps that violate our policies. Users are also protected by Google Play Protect, which alerts us to apps that are known to exhibit malicious behavior on Android devices where Google Play services are available.

To protect yourself from malicious apps, you should exercise extreme caution when downloading new apps, even if they are provided by the Google Play Store. Malicious apps sometimes slip through Google's security checks.

While it is tempting to look at ratings and read reviews of apps in the Play Store, keep in mind that both ratings and reviews can be faked. For this reason, it is a good idea to look for external reviews, especially video reviews, so that you can see how the app works before you install it.

At the same time, be careful when using apps that require unnecessary permissions. For example, a levels app or photo editing app would not need access to your contacts or call history.

For added protection, you should consider installing one of the best Android antivirus apps on your phone. However, if you are on a tight budget, Google Play Protect comes preinstalled for free on all Android phones and can also scan both your existing apps and any new ones you download for malware It can scan both your existing apps and any new ones you download for malware.

More information about SpinOk will be available when Google and other companies conduct their own investigations into how this Trojanized SDK got into so many popular Android apps.