
New Malware Infects Millions of Android Devices Through Google Play Apps


A new version of the Necro malware has been found on over 11 million Android devices, installed through Google Play apps in a widespread attack on the software supply chain. This malware was hidden within malicious advertising Software Development Kits (SDKs) that were integrated into legitimate apps, modified versions of popular programs, and even game mods.


How the Necro Malware Spread

The malware made its way onto devices through legitimate apps using compromised SDKs. These SDKs were included in popular apps like modified versions of Spotify, WhatsApp, and Minecraft. Once installed, Necro can silently run on users' devices, deploying a variety of harmful tools.

Here’s what Necro does on infected devices:

  • Adware: It opens invisible web windows to load ads, boosting revenue for attackers.
  • Arbitrary Code Execution: It can download and run JavaScript and DEX files, allowing attackers to execute malicious actions.
  • Subscription Fraud: Some tools can secretly sign users up for paid services without their knowledge.
  • Proxy Mechanism: It uses infected devices as a gateway to route malicious internet traffic.

The diagram below explains in more detail how Necro spreads. If you’d like a more in-depth explanation, we recommend reading Kaspersky’s post on how the trojan infiltrated Google Play.

Source: Kaspersky

Necro Malware in Popular Apps

Security experts identified Necro in two popular apps available on Google Play:

  1. Wuta Camera: This photo editing and beautification app had over 10 million downloads. The malicious version appeared in update 6.3.2.148 and stayed active until version 6.3.6.148. Although the malware was removed in version 6.3.7.138, any harmful files installed in previous versions could still be present on users' devices.
  2. Max Browser: This web browser app had 1 million downloads before it was removed from Google Play after being flagged. Unfortunately, even the latest version (1.2.0) still contains the malware, meaning users should uninstall the app immediately and switch to a different browser for safety.
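
For anyone managing more than one device, the version ranges above can be checked against an app inventory. The sketch below is an added example, not code from Kaspersky or either app's developer; the app names and version bounds come from this article, while the function names and sample inventory are constructed. Versions are compared numerically, component by component, because the fixed build 6.3.7.138 ends in a lower number than the last malicious build 6.3.6.148.

```python
# Added example: triage an app inventory against the versions named above.
# App names and version bounds come from the article; the inventory rows
# and function names are constructed for illustration.

def parse_version(text):
    """'6.3.7.138' -> (6, 3, 7, 138); None if not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

WUTA_FIRST_BAD = parse_version("6.3.2.148")  # first malicious update
WUTA_FIXED = parse_version("6.3.7.138")      # malware removed

def classify(app_name, version_text):
    name = app_name.strip().lower()
    if name == "max browser":
        return "uninstall"            # no clean version per the article
    if name != "wuta camera":
        return "not-listed"
    version = parse_version(version_text)
    if version is None:
        return "review"               # unparseable version: check by hand
    # Assumption: builds between 6.3.6.148 and the fixed release are
    # treated as affected, the conservative reading of the stated range.
    if WUTA_FIRST_BAD <= version < WUTA_FIXED:
        return "update-and-review"    # dropped payloads may persist
    return "outside-affected-range"

def triage(inventory):
    """Return only the rows that need action, with a verdict appended."""
    actionable = {"uninstall", "update-and-review", "review"}
    return [(dev, app, ver, verdict)
            for dev, app, ver in inventory
            for verdict in [classify(app, ver)]
            if verdict in actionable]

# Constructed sample inventory: (device, app name, installed version)
SAMPLE = [
    ("tablet-01", "Wuta Camera", "6.3.4.148"),
    ("phone-02", "Wuta Camera", "6.3.7.138"),
    ("phone-03", "Max Browser", "1.2.0"),
    ("phone-04", "Wuta Camera", "6.3.10.1"),
    ("phone-05", "Wuta Camera", "beta"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```
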

How the Malware Was Hidden

The malware was distributed using an advertising SDK called "Coral SDK." The SDK used techniques like code obfuscation to hide its true function, making it difficult to detect. It even employed a method called image steganography, where harmful payloads were concealed inside seemingly harmless image files (such as PNGs).

What to Do Next

If you have downloaded Wuta Camera or Max Browser, it’s critical to update Wuta Camera to the latest clean version and uninstall Max Browser entirely, as no safe version exists yet. Even if you’ve already deleted the apps, check your device for any unusual activity, such as unexpected ads or high data usage, as these could be signs of lingering malware.

Staying vigilant and regularly updating or uninstalling suspicious apps is essential to keeping your Android device secure.

How to Protect Yourself

In order to avoid falling victim to malware like Necro, it’s important to be cautious when downloading apps. Here are some steps to help keep your device safe:

  1. Stick to Official App Stores: Always download apps from trusted sources like Google Play. However, even apps from official platforms can pose risks, so don’t assume they’re completely safe. For example, Necro was found hidden in a popular app with over 10 million downloads, showing that even well-known apps aren’t immune.
  2. Use Reliable Security Software: Protect your device with a reputable security solution of your choice.
  3. Be Careful with App Reviews: Before downloading, take a moment to read the reviews. Pay special attention to lower-rated reviews, as they often point out issues or suspicious behaviour. Glowing reviews might be fake, and high ratings can be misleading.
  4. Avoid Modded or Hacked Apps: While mods or unofficial versions of apps can be tempting, they often come bundled with malicious software, including Trojans or spyware. It's best to avoid these entirely to keep your device secure.

By following these tips, you can greatly reduce the risk of malware infections and ensure your device remains safe from threats like Necro.
