Android’s latest nightmare: millions of devices infected with insidious malware

You might think that downloading an app listed in the Play Store would be safe. That’s what Google wants you to believe, and it’s largely true. But in this digital world, no service is foolproof.

It happened again and again that frequently downloaded apps from the Play Store were infected with malware. While Google continues to promise that the app market is safe, another incident has come to light.

Security researchers have discovered a new Trojan malware called Necro that not only infects apps downloaded through unofficial sources, but also apps in the Play Store, including one with more than 10 million downloads.

GET SAFETY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

How does Necro infect apps?

It is still unclear how exactly both apps were originally compromised with the malware. Researchers at Kaspersky’s Securelist believe that a fraudulent Software Development Kit (SDK) used to integrate advertising features may be responsible for the breach. SDKs are important tools that developers use to add specific features to their apps, such as advertising services, analytics, or payment processing.

CLICK HERE FOR MORE US NEWS

If an SDK is compromised, it can inadvertently introduce vulnerabilities in the applications that use it. In this case, the malware affecting the apps ran ads in the background to generate fraudulent revenue for the attackers, installed apps and APKs without user consent, and used invisible WebViews to interact with paid services.

The Trojan in question, Necro, is not exactly new. This is the same malware that infected a popular document scanner called CamScanner in 2019, which had over 100 million downloads at the time.

The Android banking Trojan is evolving to evade detection and strike worldwide

Which apps are affected?

Kaspersky researchers have identified several apps affected by the Necro Trojan, including those available on Google Play. Their combined audience included more than 11 million Android devices.

The first app affected is Wuta Camera, a photo editing and beautification tool. It has at least 10 million times. The Necro-Loader is embedded in it from version 6.3.2.148. The latest version of the app, 6.3.6.148, which was available on Google Play, also had this. After researchers reported the presence of malicious code to Google, version 6.3.7.138 of the Trojan was removed from the app.

The second infected app was Max Browser. According to Google Play, this browser was installed more than a million times and from version 1.2.0 it also included the Necro-Loader. Google removed the infected app from the Play Store after it was reported.

Kaspersky also found WhatsApp mods containing Necro-Loader in unofficial sources. The Spotify mod “Spotify Plus” was also discovered, which promises free access to ad-free premium services. Additionally, the report mentions mods for popular games such as Minecraft, Stumble Guys, Car Parking Multiplayer and Melon Sandbox, all of which were infected with the Necro-Loader.

Mods or modifications are altered versions of original apps or games that often offer additional features or optimizations.

GET FOX BUSINESS ON THE GO by CLICKING HERE

ANDROID BANKING TROJAN PRAISES AS GOOGLE PLAY TO STEAL YOUR DATA

How does Google react to this?

Google is aware of the Necro malware and, as mentioned above, has already disabled the affected apps. A Google spokesperson provided us with the following statement:

“All malicious versions of the apps identified in this report were removed from Google Play before the report was published. Android users are automatically protected from known versions of this malware by Google Play Protect, which is enabled by default on Android devices with Google Play.” Google Play Protect services can alert users or block apps that are known to be harmful Show behavior even if these apps come from sources outside of Play.

THE HIDDEN COST OF FREE APPS: YOUR PERSONAL DATA

4 ways to protect yourself from Necro malware

1. Have strong antivirus software: Android has its own built-in malware protection called Play Protect, but the Necro Trojan proves that this is not enough. In the past, Play Protect has not been 100% safe at removing all known malware from Android phones. The best way to protect yourself from clicking on malicious links that install malware that may gain access to your private data is to install antivirus protection on all your devices. This can also alert you to any events that may occur Phishing emails or Ransomware scam. Get my pick of the best antivirus winners of 2024 for your Windows, Mac, Android and iOS devices.

2. Download apps from reliable sources: It’s important to only download apps from trusted sources like the Google Play Store. You could say I’m contradicting myself, but the Play Store is still safer than other options out there. It has strict controls to prevent malware and other malicious software. However, even with Google Play’s security measures, downloading apps from the store does not guarantee 100% protection against malware or malware. Avoid downloading apps from unknown websites or unofficial stores as they may pose a higher risk to your personal information and device. Never trust download links you receive via SMS.

3. Be careful with app permissions: Always check the permissions requested by apps before installing. If an app requests access to features that seem unnecessary to its function, this could be a sign of malicious intent. Don’t grant access permissions to apps unless really necessary. Avoid granting permissions that could put your personal information at risk.

4. Regularly update your device’s operating system and apps: Keep your software up to date is critical because updates often include security patches for newly discovered vulnerabilities that could be exploited by Trojans.

ANDROID USERS AT RISK AS BANKING TROJAN TARGETS MORE APPS

Kurt’s most important findings

The discovery of the Necro-Loader in apps like Wuta Camera, Max Browser and popular game mods shows how serious security issues can be in the app world. With over 11 million Android devices affected, it’s important to be careful where you download your apps. Unofficial sources can be a breeding ground for hidden threats, but the Play Store is not completely safe either. Google should check which apps it allows on its platform. I haven’t seen as many malware problems with iPhone apps as I have with Android.

CLICK HERE TO GET THE FOX NEWS APP

Do you think Google is doing enough to protect users from malware on the Play Store? Let us know by writing to us Cyberguy.com/Contact

For more tech tips and security alerts, subscribe to my free CyberGuy Report newsletter at Cyberguy.com/Newsletter

Ask Kurt a question or tell us what stories you’d like us to cover

Follow Kurt on his social channels

Answers to the most frequently asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.