Home Necro malware infects 11 million Android devices through popular Google Play apps

Necro malware infects 11 million Android devices through popular Google Play apps

Cybersecurity researchers have revealed malware managed to sneak into the Google Play app store, infecting more than an estimated 11 million devices. The team from Kaspersky said the malware, called Necro, infiltrated an advertising software development kit (SDK) named ‘Coral SDK’, which should have been used to integrate different advertising modules into an application.

Several apps have been confirmed to be infected, including Wuta Camera and Max Browser. In addition, WhatsApp mods from unofficial sources and a modified version of Spotify known as Spotify Plus also contain the malware.

When Kaspersky discovered the malware and alerted the developers, Wuta Camera was said to have been fixed, and the malware was removed. If you happen to use this app, be sure to update it to version 6.3.7.138. However, Max Browser remains compromised, and researchers recommend deleting the app and switching to an alternative browser.

The researchers also found that Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox had infected game mods.

The analysts said that downloaded payloads can perform various malicious activities, such as displaying ads in invisible windows and interacting with them, downloading and executing arbitrary DEX files, installing other applications, opening specific links in hidden WebView windows, and executing JavaScript code. It can also create a tunnel through the victim’s device and potentially subscribe to paid services without the user’s knowledge.

What is the Necro malware infecting Android devices?

Necro is a sophisticated Android downloader that receives commands from its creators to carry out malicious activities. Kaspersky’s systems have detected its spread across multiple countries, which suggests that it’s part of a larger, ongoing campaign that poses an increasing threat to mobile users globally.

The malware is designed to generate revenue for the attacker by executing processes in the background of the infected device.

The researchers recommend if you have any of the aforementioned Google Play apps installed and the versions are infected, update the app to a version where the malicious code has been removed, or delete it.

They also remind users to download applications from official sources only. Applications installed from unofficial platforms may contain malicious functionality.

In May, ReadWrite reported on another malware targeting Android devices. ThreatFabric discovered “Brokewell,” posing as a fake Chrome update.

Featured image: Ideogram

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Suswati Basu
Tech journalist

Suswati Basu is a multilingual, award-winning editor and the founder of the intersectional literature channel, How To Be Books. She was shortlisted for the Guardian Mary Stott Prize and longlisted for the Guardian International Development Journalism Award. With 18 years of experience in the media industry, Suswati has held significant roles such as head of audience and deputy editor for NationalWorld news, digital editor for Channel 4 News and ITV News. She has also contributed to the Guardian and received training at the BBC As an audience, trends, and SEO specialist, she has participated in panel events alongside Google. Her…

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.