NewsBeat
Android bug posing as popular apps stealing private data
The new bug is called Arsink, and it is an Android Remote Access Trojan (RAT).
“Arsink is a sophisticated malware that actively exfiltrates information, transmitting it directly to its operators while affording them complete remote control,” Zimperium explained.
More than 45,000 devices have already been infected by this virus, according to the tech experts, across 143 countries, including in the UK.
How the Arsink bug works
Android users are being tricked into downloading “pro” versions of official-looking apps, Zimperium said.
These apps are usually advertised on social media and other similar platforms, rather than the official Google Play Store.
Once these apps are downloaded, the Arsink bug gets to work within the device, allowing hackers access to:
- Text messages
- Emails
- Call logs
- Contacts
- Microphone recordings
- Photos
- Location data
- And more…
Android users are being tricked into downloading “pro” versions of official-looking apps like Facebook, Instagram, and Tik Tok. (Image: PA)
The bug also allows hackers to remotely control certain features of infected devices, including:
- Using the torch
- Playing audio
- Setting wallpaper
- Making calls
- Changing various settings
Zimperium added: “In most cases, the apps don’t deliver real features, they display a minimal UI (user interface), immediately request sensitive permissions, and then operate silently.”
The sophisticated malware hides its icon to reduce detection and launches a foreground service that keeps running despite task killers.
It will also display persistent notifications to prevent the service from being terminated.
Delete Any App Asking For Full Control 🚨
Malware abuses Android accessibility permissions to hijack devices, steal data & spy on users. If you didn’t install it for legitimate accessibility needs remove it immediately.
Learn more from @Forbes: https://t.co/DiarWGUICf
— Zimperium (@Zimperium) August 18, 2025
The apps to delete to avoid Arsink bug
As mentioned previously, the Arsink bug is hidden within “pro” versions of official-looking apps, which trick users into downloading the malicious software and granting it “extensive” access.
Around 50 well-known brands are being used, including:
- YouTube
- TikTok
If you come across any “pro” versions of official-looking apps outside the Google Play Store, be sure to avoid them.
If you have already installed one, delete it immediately.