A new strain of Necro malware has infected over 11 million Android devices, primarily targeting users through both the Google Play Store and third-party sources. The malware, first identified by Kaspersky, spreads by exploiting vulnerabilities in legitimate apps, often bundled with malicious software development kits (SDKs). Apps like Wuta Camera, downloaded over 10 million times, and Max Browser, downloaded more than a million times, have been significant sources of the infection. Although these apps have been updated to remove the malicious code, the issue highlights the challenges of detecting malware on widely used platforms.
The spread of Necro malware is not limited to the Play Store, as it also thrives in modified versions of popular apps like Spotify and WhatsApp, often downloaded from unofficial sources. These modified apps promise enhanced features but instead deliver malware payloads. The attackers use techniques like steganography to hide malicious code within innocent-looking PNG image files, making the code harder for security systems to detect. Necro is capable of generating adware, committing subscription fraud, and turning infected devices into proxies for malicious traffic, increasing its potential for widespread damage.
Kaspersky researchers have identified the infection’s reach, particularly in countries like Russia, Brazil, and Vietnam, where over 10,000 Necro-related attacks have been blocked. The malware is especially problematic in the gaming sector, targeting mods for games like Minecraft and Stumble Guys, which attract younger audiences who may not be fully aware of the risks of downloading unofficial software. As these mods are often distributed through third-party platforms, they serve as an ideal vector for spreading malware to unsuspecting users.
This incident follows a trend of malware infiltrating Android devices, underscoring the ongoing challenges faced by mobile users. The recent discovery of the Xamalicious malware, which infected over 330,000 Android devices, further emphasizes the importance of vigilance in downloading apps only from trusted sources. Despite efforts by companies like Google to remove malicious apps, the evolving tactics used by malware actors, such as the use of steganography and SDK-based attacks, make it clear that mobile malware remains a persistent and growing threat to users worldwide.