Alarming Android Malware Infiltrates Google Play Infecting Millions Of Devices

by · HotHardware

In what feels like déjà vu, a particular piece of Android malware has managed to sneak its way back into apps available in the Google Play Store after initially being discovered in 2019. The security research team at Kaspersky shared that the "Necro" trojan was found within several popular apps that, according to Google Play data, had been downloaded by over 11 million devices before being spotted.

Several apps on the Google Play store were found to be infected with Necro, but the most popular were the "Wuta Camera" app and "Max Browser". Out of the aforementioned 11 million devices, virtually all of them downloaded one of these two apps. Google has since removed the infected apps from the store.

Of course, as with most mobile malware, Necro was also available from plenty of unofficial sources outside of the Google Play Store. Several popular apps such as WhatsApp, Spotify, and even Minecraft are offered on the web in modified form, claiming extra functionality including free access to paid subscription services. Unfortunately for users tempted by these mods, they were also opening themselves up to being infected by Necro.

Once installed on a victim’s device, this malware initially sends system information to a server controlled by the attackers. This includes the device's IMEI, RAM capacity, and what version of Android is currently installed. Necro is then able to receive a variety of plugins that determine its functionality, providing attackers with a wide range of options. For example, one of these plugins enables the display of intrusive ads during random time intervals.

It's always bad news when malware such as Necro is able to find its way into apps that are available in the Google Play Store, especially when it has been previously discovered. We often advise readers that one of the best ways to remain safe while using mobile devices is to stick to the official app store. However, every time this happens it can chip away at user confidence in this advice. Hopefully Google is learning lessons from incidents such as this one and can work to improve their systems for detecting malware.