New Malware Infects 11-M Android Devices

A new version of the Necro malware loader, specifically designed to infect Android devices, was successfully installed on an alarming 11 million devices through malicious software development kits (SDKs) supplied through Google Play.

Kaspersky recently discovered the presence of the Necro loader on two popular apps on Google Play, which has a significant user base.

The first one is Wuta Camera by ‘Benqu,’ a photo editing and beautification tool with over 10,000,000 downloads on Google Play.

The second app that featured Necro was Max Browser by a developer named ‘WA message recover-wamr.’

The browser garnered 1 million downloads on Google Play before its removal, following Kaspersky’s report.

Kaspersky warns that Max Browser’s latest version, 1.2.0, still contains Necro, with no clean version. Therefore, users are advised to uninstall Max Browser immediately and switch to a different browser.

Devices infected with Necro are subject to various activated malicious plugins, including adware, automatic downloading, and execution of JavaScript and DEX files, tools that help with subscription fraud, and proxies that bring malicious traffic onto the device.

This new version of the Necro Trojan was installed through malicious advertising SDKs used by legitimate apps, Android game mods, and modified versions of popular software.

Google has removed the malicious versions of the apps from Google Play and stated that Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. (GFB)