A highly concerning development in the Android ecosystem has surfaced, with a notorious malware loader infecting millions of devices. An updated version of the Necro malware has reportedly compromised over 11 million Android phones, infiltrating the Google Play Store and spreading through various apps.
The malware's distribution was enabled via malicious advertising software development kits (SDKs) embedded in legitimate apps available on the Play Store. It has also spread through modified versions of popular apps such as Spotify, WhatsApp, and Minecraft, which are shared outside of official channels. While third-party APKs are often a known risk, the presence of this malware within Google Play apps raises serious concerns.
Necro works by downloading and executing malicious payloads on infected devices. These payloads activate harmful plugins that display adware through invisible WebView windows, execute arbitrary JavaScript and DEX files, and even commit subscription fraud. Additionally, it can convert affected devices into proxies, enabling malicious traffic.
Kaspersky researchers discovered the Necro malware within two widely downloaded Google Play apps: Wuta Camera and Max Browser. Although Google has since removed the infected versions, the malware’s payloads could still be active on user devices. Beyond the Play Store, the malware is also distributed through unofficial websites via game mods and other altered software.
While the full scale of Necro’s impact remains unclear, it has already infected at least 11 million devices through the Play Store. It is likely that many more have been compromised through unauthorized APK installations. If you suspect any infected apps on your device, it is critical to remove them immediately and seek safer alternatives.
Via: (Source)
Comments