Necro Android Malware Infects 11 Million Devices via Google Play

Necro Android Malware Infects 11 Million Devices via Google Play

In a shocking discovery, the latest version of the Necro malware loader has infected over 11 million Android devices, using malicious software development kits (SDKs) that infiltrated Google Play.

Kaspersky, a leading cybersecurity firm, has raised the alarm, and we are here to break down exactly how this happened and what you can do to protect your device.

How Did the Necro Trojan Infect Android Devices?

Necro, a notorious malware loader, sneaked into Android phones via legitimate apps that unknowingly used malicious SDKs.

These apps, available on Google Play, included popular ones like Wuta Camera and Max Browser, both of which had thousands of downloads.

The Wuta Camera app on Google Play

This malware wasn’t just a random virus; it was installed through advertising SDKs. The malware creators cleverly embedded these kits within game mods and popular apps like Spotify and WhatsApp mods, increasing deception.

Key Apps Affected by Necro Trojan

  • Wuta Camera (over 10 million downloads)
  • Max Browser (1 million downloads)

If you’ve used any of these apps, it’s essential to update or delete them right away, as older versions of these apps may still carry harmful payloads that remain on your phone even after updating.

How Necro Malware Operates

The Necro malware is more than just a simple Trojan; it’s a multi-tasking menace that installs various harmful payloads on infected devices. Here’s what it does:

  1. Adware that hijacks your phone’s WebView: It opens invisible windows to load ads in the background, making it nearly impossible to notice.
  2. Downloading and executing malicious scripts: Necro is capable of downloading JavaScript and DEX files through hidden SDKs.
  3. Subscription fraud: Using infected devices to subscribe to paid services without your consent, could increase your phone bills.
  4. Turning your phone into a proxy: Necro can use your device as a proxy to reroute malicious traffic, making it part of a larger cyberattack network.

Google Play Apps Contaminated by Necro

While Google Play is generally a safe marketplace, even trusted platforms aren’t immune to these types of attacks. Two main apps have been identified as being infected by the Necro Trojan:

  • Wuta Camera: This popular photo editing app had the malware embedded in versions 6.3.2.148 to 6.3.6.148. Kaspersky reported the malware to Google, and they removed it from later versions. However, users who installed those older versions may still have hidden malware on their devices.
  • Max Browser: With 1 million downloads, this web browser app carried the Necro Trojan in its latest version, 1.2.0. Unfortunately, there’s no clean version of this app, so users are advised to uninstall it immediately.

Necro Malware Outside of Google Play

Necro is not only spreading through Google Play apps. Many Android users unknowingly install malware by downloading modified versions of popular apps from unofficial websites.

Some of the most notorious ones include:

  • WhatsApp mods like GBWhatsApp and FMWhatsApp: These mods promise enhanced privacy controls but could secretly infect your device.
  • Spotify Plus: It claims to give you ad-free access to premium services for free, but it’s just another malware trap.
  • Game Mods: Apps like Minecraft mods, Stumble Guys, and Car Parking Multiplayer are also dangerous as they carry Necro, load invisible ads, and install harmful software without your knowledge.
Website spreading a malicious Spotify mod

How to Protect Your Device from Necro Malware

If you’re concerned about malware, here’s how you can protect your Android phone from Necro and other similar threats:

  • Uninstall risky apps: If you’ve downloaded Wuta Camera, Max Browser, or any other modded app from unofficial sources, it’s time to delete them immediately.
  • Keep your apps updated: Always check for the latest updates directly from Google Play to ensure any infected versions are removed.
  • Use trusted antivirus software: Install reliable security apps, such as Kaspersky, to scan your device regularly and remove any threats.
  • Stick to official app stores: Avoid downloading apps from shady websites. Google Play and official app stores have security checks in place, while unofficial websites might host dangerous software.

Necro malware is a serious threat that has impacted millions of devices. You can protect your Android phone from malicious attacks by staying cautious, updating apps, and avoiding unofficial downloads.

Stay safe and ensure your device is free from harmful apps!