Android’s latest nightmare: millions of devices infected with insidious malware

You would think that an app listed in the Play Store would be safe to download. Google wants you to believe this, and it’s largely true. However, in the digital world, no service is foolproof.

From time to time, there have been cases where widely downloaded apps from the Play Store have been infected with malware. While Google continues to promise that the app marketplace is safe, another incident has come to light.

Security researchers have discovered a new Trojan called Necro that infects not only apps downloaded from unofficial sources, but also those from the Play Store, including an app that has been downloaded over 10 million times.


How Necro infects applications

The exact method by which both apps were initially infected with malware is still unclear. Researchers at Kaspersky’s Securelist believe that a fake software development kit (SDK) used to integrate advertising features may be responsible for the breach. SDKs are essential tools that developers use to add specific features to their applications, such as advertising services, analytics, or payment processing.


If an SDK is compromised, it can introduce malicious code into every application that uses it. In this case, the malware infecting the apps displayed ads in the background to generate fraudulent revenue for attackers, installed apps and APK files without user consent, and used invisible WebViews to interact with paid services.

The Trojan in question, Necro, is not entirely new. This is the same malware that infected a popular document scanner called CamScanner in 2019, which had over 100 million downloads at the time.


Which apps are affected?

Kaspersky researchers have identified several applications affected by the Necro Trojan, including those available on Google Play. Their combined audience was over 11 million Android devices.

The first app affected is Wuta Camera, a photo editing and beautification tool. It has been downloaded at least 10 million times. The Necro loader has been embedded in it since version 6.3.2.148. The latest version of the application that was available on Google Play, 6.3.6.148, also contained it. After researchers reported the presence of malicious code to Google, the Trojan was removed from the application in version 6.3.7.138.

The second infected application was Max Browser. According to Google Play, this browser was installed over a million times and as of version 1.2.0 it also included a Necro loader. Following the report, Google removed the infected app from the Play Store.
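The version ranges reported above can be turned into an inventory check; this is an added example, not code from the original article or from Kaspersky. The device IDs and inventory rows are constructed, apps are matched by display name as an assumption, and because the article names no clean Max Browser release, every version from 1.2.0 onward is flagged.

```python
# Added example: flag inventory rows that fall in the version ranges the article reports.
# App names and version bounds come from the article; the inventory rows are constructed.

def parse_version(text):
    """Turn '6.3.7.138' into (6, 3, 7, 138) so components compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

# App name -> (first affected version, inclusive; first fixed version, exclusive).
# None as the fixed version means the article names no clean release.
AFFECTED = {
    "Wuta Camera": (parse_version("6.3.2.148"), parse_version("6.3.7.138")),
    "Max Browser": (parse_version("1.2.0"), None),
}

def is_affected(app_name, version_text):
    bounds = AFFECTED.get(app_name)
    if bounds is None:
        return False  # app is not one of the two Play Store apps named
    first_bad, first_fixed = bounds
    try:
        version = parse_version(version_text)
    except ValueError:
        return True  # unparseable version of a listed app: flag for manual review
    if version < first_bad:
        return False
    return first_fixed is None or version < first_fixed

def flag_devices(inventory):
    """inventory: iterable of (device_id, app_name, version). Returns flagged rows."""
    return [row for row in inventory if is_affected(row[1], row[2])]

# Constructed sample inventory (hypothetical device IDs), e.g. an MDM export.
SAMPLE_INVENTORY = [
    ("device-01", "Wuta Camera", "6.3.1.120"),  # before the loader appeared
    ("device-02", "Wuta Camera", "6.3.6.148"),  # last infected Play release
    ("device-03", "Wuta Camera", "6.3.7.138"),  # release with the Trojan removed
    ("device-04", "Max Browser", "1.10.0"),     # 1.10.0 is newer than 1.2.0
    ("device-05", "Max Browser", "1.1.9"),
    ("device-06", "Wuta Camera", "unknown"),
]

if __name__ == "__main__":
    for device, app, version in flag_devices(SAMPLE_INVENTORY):
        print(f"{device}: {app} {version} is in a reported Necro-affected range")
```

Comparing versions as integer tuples matters here: the fixed Wuta Camera build 6.3.7.138 has a smaller last component than the infected 6.3.6.148, and a plain string comparison would rank 1.10.0 below 1.2.0.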

Kaspersky also found WhatsApp mods carrying a Necro loader in unofficial sources. A Spotify mod called “Spotify Plus,” which provides free access to premium services without ads, has also been spotted. Additionally, the report mentioned mods for popular games such as Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox, all of which were infected with the Necro loader.

Mods, or modifications, are altered versions of original applications or games that often provide additional features or improvements.


What is Google’s response to this situation?

Google is aware of the Necro malware and, as I mentioned above, has already removed affected apps. A Google spokesperson provided us with the following statement:

“All malicious app versions identified in this report were removed from Google Play prior to the report’s publication. Android users are automatically protected against known versions of this malware by Google Play Protect, which is enabled by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even if they come from sources outside Play.”


4 ways to protect yourself against Necro malware

1. Have strong antivirus software: Android has built-in malware protection called Play Protect, but the Necro trojan proves that it is not enough. Historically, Play Protect has not been 100% reliable at removing all known malware from Android phones. The best way to protect yourself from clicking malicious links that install malware that can access your private information is to install antivirus protection on all your devices. This may also alert you to any phishing emails or ransomware scams. Check out my picks for the top antivirus protection winners of 2024 for Windows, Mac, Android and iOS devices.

2. Download apps from reliable sources: It’s important to only download apps from trusted sources like the Google Play Store. You may say I’m contradicting myself, but the Play Store is still more secure than other options available. Google conducts rigorous checks to prevent malware and other harmful software. However, even with the security measures provided by Google Play, downloading an app from the store does not guarantee 100% protection against malware. Avoid downloading apps from unknown websites or unofficial stores, as they may pose a higher risk to your personal data and device. Never trust download links you receive via SMS.

3. Be careful with app permissions: Always check the permissions required by applications before installation. If an app requests access to features that seem unnecessary for its operation, this may be a sign of malicious intent. Don’t grant an app any permission unless it is really needed. Avoid granting permissions that could expose your personal data.

4. Regularly update the operating system and applications on your device: Keeping software current is crucial because updates often contain security patches for newly discovered vulnerabilities that can be exploited by Trojans.


Kurt’s key takeaways

The discovery of the Necro loader in apps like Wuta Camera, Max Browser, and popular gaming mods shows how serious security problems can be in the app world. As over 11 million Android devices are affected, you should be careful when downloading apps. Unofficial sources can be a breeding ground for hidden threats, but the Play Store isn’t completely safe either. Google should check what apps it allows on its platform. I haven’t seen as many malware issues affecting iPhone apps as I have with Android.


Do you think Google is doing enough to protect users from malware in the Play Store? Let us know by writing to us at Cyberguy.com/Contact


Copyright 2024 CyberGuy.com. All rights reserved.