Ninety-two more apps, nearly half of which are on Google Play, that have cumulatively amassed more than 30 million installations were discovered to be compromised with the SpinOk malware
, which has been distributed through a malicious software development kit supply chain attack, BleepingComputer
HexaPop Link 2248 was the most popular among the newly-identified SpinOk malware-infected apps, having five million downloads before its removal from Google Play, a report from CloudSEK revealed.
Moreover, a million downloads each have been recorded for XM Studio's "Macaron Match" and "Macaron Boom," Zhinuo Technology's "Tiler Master," Bling Game's "Jelly Connect," and XM Studio's "Crazy Magic Ball."
While many of the other SpinOk malware-infected apps remain on Google Play, Google said that it has begun evaluating the malicious apps.
"We have reviewed recent reports on SpinOK SDK and are taking appropriate action on apps that violate our policies," said a Google spokesperson, who reassured the defenses of Google Play Protect against malicious apps.