The emergence of a new malware threat, known as Arsink, has raised alarms within the cybersecurity community. This Android Remote Access Trojan (RAT) is designed to exfiltrate sensitive information from users while granting complete remote control to its operators. According to Zimperium, a cybersecurity firm, over 45,000 devices across 143 countries, including the UK, have already fallen victim to this sophisticated virus.
How the Arsink bug works
Arsink employs a cunning strategy to ensnare Android users, luring them into downloading “pro” versions of seemingly legitimate applications. These deceptive apps are often promoted on social media platforms rather than the official Google Play Store, making them particularly insidious.
Once installed, the Arsink bug activates, providing hackers with access to a wide array of sensitive data, including:
- Text messages
- Emails
- Call logs
- Contacts
- Microphone recordings
- Photos
- Location data
- And more…
Android users are being tricked into downloading “pro” versions of official-looking apps like Facebook, Instagram, and TikTok. (Image: PA)
In addition to data theft, Arsink allows hackers to manipulate various features of infected devices, including:
- Using the torch
- Playing audio
- Setting wallpaper
- Making calls
- Changing various settings
Zimperium notes that these malicious apps typically do not deliver any genuine features. Instead, they present a minimal user interface, promptly request sensitive permissions, and operate silently in the background.
To evade detection, the malware cleverly hides its icon and initiates a foreground service that remains active even when task killers are employed. It also generates persistent notifications to thwart attempts to terminate the service.
Delete Any App Asking For Full Control 🚨Malware abuses Android accessibility permissions to hijack devices, steal data & spy on users. If you didn’t install it for legitimate accessibility needs remove it immediately. Learn more from @Forbes: https://t.co/DiarWGUICf
— Zimperium (@Zimperium) August 18, 2025
The apps to delete to avoid Arsink bug
As previously mentioned, the Arsink bug is concealed within “pro” versions of familiar applications, tricking users into downloading the harmful software and granting it extensive access to their devices.
Approximately 50 well-known brands are being exploited, including:
- YouTube
- TikTok
Users are advised to steer clear of any “pro” versions of official-looking apps that are not available on the Google Play Store. If you have already installed one of these malicious applications, it is crucial to delete it immediately to safeguard your personal information and device integrity.
