Every now and then, we learn about malicious Android apps sneaking their way onto the Play Store. The most recent discovery, however, concerns two Play Store apps containing a malware Trojan that has affected over 11 million Android devices. The same malware was also found in unofficial apps, which means the number of victims here is likely much higher.
Modified apps
Kaspersky first investigated a modified Spotify app called Spotify Plus, which advertised as offering Spotify Premium features for no charge. While the app claimed to be “Security Verified,” Kaspersky’s analysis found these claims were false, and that the app allows the Trojan to infect these devices. Researchers also found the Trojan in modified versions of WhatsApp, in both “GBWhatsApp” and “FMWhatsApp.”
In addition, Kaspersky says they found Necro in a series of game mods. That includes Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox.
Kaspersky stresses that it’s impossible to say how many victims there are from these unofficial sources. All we can tally are the number of downloads from affected apps in the Play Store.
Play Store apps
Between all the affected apps Kaspersky discovered in Google’s Play Store, it turns out the Necro Trojan has infected more than 11 million Android devices. The largest app in the series by far is the Wuta Camera app, which Kaspersky says was downloaded more than 10 million times alone. The app wasn’t always malicious, either: Researchers say the Trojan first appeared in version 6.3.2.148 of the app. It has since been removed, so the app is currently safe to download.
Max Browser also contained the Trojan, and was downloaded more than one million times. The first version of this app to contain the Trojan was version 1.2.0, but since Kaspersky reported the app, Google has taken Max Browser off their app store entirely.
What Necro does
When installed on your device, Necro malware can execute a number of functions. As explained by BleepingComputer, Necro’s payloads can activate malicious plugins to run adware that opens its links with invisible windows; programs that run various scripts; programs to activate fraudulent subscriptions; and tools that route malicious traffic through your device.
In effect, your unofficial app download, or official download in the case of Max Browser and Wuta Camera, generates money for attackers as you inadvertently open advertisements and run fraudulent subscriptions in the background.
How to protect your device
The first thing you should do is scan your Android phone for any of the Play Store apps mentioned above. If you have Wuta Camera, make sure to update the app immediately, or delete it from your phone. If you have Max Browser, delete it: There is no safe version of this app.
In addition, delete any of the modified apps named in this piece if you have them on your smartphone, and be vigilant with unofficial downloads going forward. Sideloading certainly opens up more apps than are contained on the Play Store, but since there are fewer checks and regulations, you run the risk of downloading something malicious.
Disclaimer
Artificial Intelligence Disclosure & Legal Disclaimer
AI Content Policy.
To provide our readers with timely and comprehensive coverage, South Florida Reporter uses artificial intelligence (AI) to assist in producing certain articles and visual content.
Articles: AI may be used to assist in research, structural drafting, or data analysis. All AI-assisted text is reviewed and edited by our team to ensure accuracy and adherence to our editorial standards.
Images: Any imagery generated or significantly altered by AI is clearly marked with a disclaimer or watermark to distinguish it from traditional photography or editorial illustrations.
General Disclaimer
The information contained in South Florida Reporter is for general information purposes only.
South Florida Reporter assumes no responsibility for errors or omissions in the contents of the Service. In no event shall South Florida Reporter be liable for any special, direct, indirect, consequential, or incidental damages or any damages whatsoever, whether in an action of contract, negligence or other tort, arising out of or in connection with the use of the Service or the contents of the Service.
The Company reserves the right to make additions, deletions, or modifications to the contents of the Service at any time without prior notice. The Company does not warrant that the Service is free of viruses or other harmful components.
