
Management Of Information Security
6th Edition
ISBN: 9781337405713
Author: WHITMAN, Michael.
Publisher: WHITMAN, Michael.
Chapter 7: Risk Management: Treating Risk
Section: Chapter Questions
Problem 7E

For the SpinOK malware, please write a short paragraph based on the given background and website info:

- the date of the first incident’s report

- How does it work,

- How one should protect his/her system against this malware

- If infected, how one can cope with that? Is there any solution?

 

 

Doctor Web discovered an Android software module with spyware functionality. It collects information on files stored on devices and is capable of transferring them to malicious actors. It can also substitute and upload clipboard contents to a remote server. Dubbed Android.Spy.SpinOk in accordance with Dr.Web classification, this module is distributed as a marketing SDK. Developers can embed it into all sorts of apps and games, including those available on Google Play.

On the surface, the SpinOk module is designed to maintain users’ interest in apps with the help of mini games, a system of tasks, and alleged prizes and reward drawings. Upon initialization, this trojan SDK connects to a C&C server by sending a request containing a large amount of technical information about the infected device. Included are data from sensors, e.g., gyroscope, magnetometer, etc., that can be used to detect an emulator environment and adjust the module’s operating routine in order to avoid being detected by security researchers. For the same purpose, it ignores device proxy settings, which allows it to hide network connections during analysis. In response, the module receives a list of URLs from the server, which it then opens in WebView to display advertising banners.

At the same time, this trojan SDK expands the capabilities of JavaScript code executed on loaded webpages containing ads. It adds many features to such code, including the ability to:

  • obtain the list of files in specified directories,
  • verify the presence of a specified file or a directory on the device,
  • obtain a file from the device, and
  • copy or substitute the clipboard contents.

This allows the trojan module’s operators to obtain confidential information and files from a user’s device—for example, files that can be accessed by apps with Android.Spy.SpinOk built into them. For this, the attackers would need to add the corresponding code into the HTML page of the advertisement banner.

Doctor Web specialists found this trojan module and several modifications of it in a number of apps distributed via Google Play. Some of them contain malicious SDK to this date; others had it only in particular versions or were removed from the catalog entirely. Our malware analysts discovered it in 101 apps with at least 421,290,300 cumulative downloads. Thus, hundreds of millions of Android device owners are at risk of becoming victims of cyber espionage. Doctor Web notified Google about the uncovered threat.

Below are the names of the 10 most popular programs found to carry the Android.Spy.SpinOk trojan SDK:

  • Noizz: video editor with music (at least 100,000,000 installations),
  • Zapya - File Transfer, Share (at least 100,000,000 installations; the trojan module was present in version 6.3.3 to version 6.4 and is no longer present in current version 6.4.1),
  • VFly: video editor&video maker (at least 50,000,000 installations),
  • MVBit - MV video status maker (at least 50,000,000 installations),
  • Biugo - video maker&video editor (at least 50,000,000 installations),
  • Crazy Drop (at least 10,000,000 installations),
  • Cashzine - Earn money reward (at least 10,000,000 installations),
  • Fizzo Novel - Reading Offline (at least 10,000,000 installations),
  • CashEM: Get Rewards (at least 5,000,000 installations),
  • Tick: watch to earn (at least 5,000,000 installations).
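
The behaviours described in the background text (a WebView JavaScript bridge combined with file listing, file reads, clipboard access, sensor collection and proxy bypass) can be turned into a static triage check over decompiled app sources. The following is an added example, not part of the original question or Doctor Web's detection logic; the marker list is a heuristic built from standard Android API names, and the package names and source snippets are constructed sample data.

```python
import re
from collections import defaultdict

# Heuristic markers (standard Android/Java API names) for each behaviour in the
# write-up. They indicate a capability only; none is a SpinOk-specific signature.
CAPABILITIES = {
    "js_bridge": [r"addJavascriptInterface", r"@JavascriptInterface"],
    "file_listing": [r"\.listFiles\("],
    "file_read": [r"FileInputStream", r"readAllBytes"],
    "clipboard": [r"ClipboardManager", r"getPrimaryClip", r"setPrimaryClip"],
    "sensors": [r"TYPE_GYROSCOPE", r"TYPE_MAGNETIC_FIELD"],
    "proxy_bypass": [r"Proxy\.NO_PROXY"],
}
PACKAGE_RE = re.compile(r"^\s*package\s+([\w.]+)\s*;", re.M)

def capabilities(source):
    """Return the set of capability names whose markers occur in one source file."""
    return {name for name, pats in CAPABILITIES.items()
            if any(re.search(p, source) for p in pats)}

def triage(files):
    """files maps path -> decompiled source. Capabilities are pooled per Java
    package; a package is flagged when code reachable from web content (a JS
    bridge) sits next to file or clipboard access, the combination described above."""
    by_pkg = defaultdict(set)
    for path, src in files.items():
        m = PACKAGE_RE.search(src)
        by_pkg[m.group(1) if m else path] |= capabilities(src)
    sensitive = {"file_listing", "file_read", "clipboard"}
    return {pkg: sorted(caps) for pkg, caps in by_pkg.items()
            if "js_bridge" in caps and caps & sensitive}

# Constructed sample input: one embedded SDK package and one benign app package.
SAMPLE = {
    "adsdk/Bridge.java": """package com.example.adsdk;
class Bridge {
    @JavascriptInterface public String ls(String d) { return Arrays.toString(new File(d).listFiles()); }
    @JavascriptInterface public void clip(String s) { cm.setPrimaryClip(ClipData.newPlainText("", s)); }
}""",
    "adsdk/Init.java": """package com.example.adsdk;
class Init { void start() { sm.getDefaultSensor(Sensor.TYPE_GYROSCOPE); url.openConnection(Proxy.NO_PROXY); } }""",
    "app/Notes.java": """package com.example.app;
class Notes { void copy() { cm.getPrimaryClip(); } }""",
}

if __name__ == "__main__":
    for pkg, caps in triage(SAMPLE).items():
        print(pkg, caps)
```

A hit only means the package deserves manual review; legitimate hybrid apps also expose JavaScript bridges.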

 

Recommended textbooks for you
Management Of Information Security
Computer Science
ISBN: 9781337405713
Author: WHITMAN, Michael.
Publisher: Cengage Learning