Choose your Dashboard

Zeus Cloud®

ZC2® PaaS

virtuozzo VAP

ZC2® Hybrid Cloud

virtuozzo vhi
Sales: 0333 358 0193
SupportContactDocs
News
2
 min read

New Malware Infects Millions of Android Devices Through Google Play Apps

New Malware Infects Millions of Android Devices Through Google Play Apps

A new version of the Necro malware has been found on over 11 million Android devices, installed through Google Play apps in a widespread attack on the software supply chain. This malware was hidden within malicious advertising Software Development Kits (SDKs) that were integrated into legitimate apps, modified versions of popular programs, and even game mods.

View Whitepaper

New Malware Infects Millions of Android Devices Through Google Play Apps

A new version of the Necro malware has been found on over 11million Android devices, installed through Google Play apps in a widespread attack on the software supply chain. This malware was hidden within malicious advertising Software Development Kits (SDKs) that were integrated into legitimate apps, modified versions of popular programs, and even game mods.

How the Necro Malware Spread

The malware made its way onto devices through legitimate apps using compromised SDKs. These SDKs were included in popular apps like modified versions of Spotify, WhatsApp, and Minecraft. Once installed, Necro can silently run on users' devices, deploying a variety of harmful tools.

Here’s what Necro does on infected devices:

  • Adware: It opens invisible web windows to load ads, boosting revenue for attackers.
  • Arbitrary Code Execution: It can download and run JavaScript and DEX files, allowing attackers to execute malicious actions.
  • Subscription Fraud: Some tools can secretly sign users up for paid services without their knowledge.
  • Proxy Mechanism: It uses infected devices as a gateway to route malicious internet traffic.

The diagram below explains more in detail about how Necro spreads. If you’d like a more in-depth explanation, we recommend reading Kaspersky’s post on how the trojan infiltrated Google Play.

Source: Kaspersky

Necro Malware in Popular Apps

Security experts identified Necro in two popular apps available on Google Play:

  1. Wuta Camera: This photo editing and beautification app had over 10 million downloads. The malicious version appeared in update 6.3.2.148 and stayed active until version 6.3.6.148. Although the malware was removed in version 6.3.7.138, any harmful files installed in previous versions could still be present on users' devices.
  2. Max Browser: This web browser app had 1 million downloads before it was removed from Google Play after being flagged. Unfortunately, even the latest version (1.2.0) still contains the malware, meaning users should uninstall the app immediately and switch to a different browser for safety.

How the Malware Was Hidden

The malware was distributed using an advertising SDK called "Coral SDK." The SDK used techniques like code obfuscation to hide its true function, making it difficult to detect. It even employed a method called image steganography, where harmful payloads were concealed inside seemingly harmless image files (such as PNGs).

What to Do Next

If you have downloaded Wuta Camera or Max Browser, it’s critical to update Wuta Camera to the latest clean version and uninstall MaxBrowser entirely, as no safe version exists yet. Even if you’ve already deleted the apps, check your device for any unusual activity, such as unexpected ads or high data usage, as these could be signs of lingering malware.

Staying vigilant and regularly updating or uninstalling suspicious apps is essential to keeping your Android device secure.

How to Protect Yourself

In order to avoid falling victim to malware like Necro, it’s important to be cautious when downloading apps. Here are some steps to help keep your device safe:

  1. Stick to Official App Stores: Always download apps from trusted sources like Google Play. However, even apps from official platforms can pose risks, so don’t assume they’re completely safe. For example, Necro was found hidden in a popular app with over 10 million downloads, showing that even well-known apps aren’t immune.
  2. Use Reliable Security Software: Protect your device with a reputable security solution of your choice.
  3. Be Careful with App Reviews: Before downloading, take a moment to read the reviews. Pay special attention to lower-rated reviews, as they often point out issues or suspicious behaviour. Glowing reviews might be fake, and high ratings can be misleading.
  4. Avoid Modded or Hacked Apps: While mods or unofficial versions of apps can be tempting, they often come bundled with malicious software, including Trojans or spyware. It's best to avoid these entirely to keep your device secure.

By following these tips, you can greatly reduce the risk of malware infections and ensure your device remains safe from threats like Necro.

Author
Caitlin Watkins
Marketing Member

Marketing Member

Latest Articles
Introducing Canvas: A New Way to Use ChatGPT for Writing and Coding Projects
Introducing Canvas: A New Way to Use ChatGPT for Writing and Coding Projects

This new workspace provides an interactive platform for writing and coding projects, appearing in a separate window alongside the usual chat interface.

News
2
 min read
Perfctl Malware Targeting Millions of Linux Servers
Perfctl Malware Targeting Millions of Linux Servers

Individuals across the globe have been reporting a malware known as "perfctl" (also referred to as perfcc) that is wreaking havoc on their Linux servers.

News
2
 min read
Thousands infected by card payment theft via CosmicSting vulnerability
Thousands infected by card payment theft via CosmicSting vulnerability

Ray-Ban, National Geographic, Whirlpool, and Segway are just a few of the thousands of global brands whose online stores have recently been compromised.

News
2
 min read
Important Update for Windows 10 Users
Important Update for Windows 10 Users

900 million users are at risk of running unsupported software in just over a year as a result of Microsoft’s decision to end support for Windows 10 in October 2025.

News
2
 min read
View All Articles