An updated version of the notorious Necro malware loader have been installed on 11 million Android devices through Google Play Store.
The report reveals that the new Necro Trojan was installed in unsuspecting Android devices using malicious advertising software development kits (SDK) used by legit apps, game mods, and modified apps for Spotify, Minecraft, WhatsApp and other popular software.
Related
- The story behind the ILOVEYOU virus that caused $10 billion in damages worldwide
- Why you should always update your antivirus software
Necro will install a number of payloads to the infected devices. They will then activate different malicious plugins like adware that loads links using invisible WebView windows (Cube SDK, Island plugin), modules that downloads and run arbitrary DEX and JavaScript files (Jar SDK, Happy SDK), tools designed to facilitate subscription fraud (Happy SDK, Tap plugin, Web plugin), and mechanisms that utilizes infected devices as proxies to route malicious traffic (NProxy plugin).
Their goal is to generate ad revenue by displaying ads on the background, install apps without the user’s consent, and interacting with paid services.
Cybersecurity firm Kaspersky discovered the Necro loader in two apps available on Google Play. There’s the Wuta Camera by Bunqu, a photo editing tool with more than 10 million downloads.
Kaspersky claims that Necro appeared on the version 6.3.2.148 of the app and was removed on the version 6.3.6.148 after the firm reported it to Google.
The second app is called Max Browser by developer ‘Wa message recover-wamr’, which garnered 1 million downloads before it was removed from Google Play.
Users who still have the app are encouraged to uninstall it instantly as its latest 1.2.0 version still has Necro.
Outside Google Play, the Necro Trojan is being spread mainly through modified versions of poppular apps like Spotify and WhatsApp, which unsuspecting users can get through unofficial websites.
Via: Bleeping Computer
This article, Necro malware affects 11 million Android devices thru Google Play Store, was originally published at NoypiGeeks | Philippines Technology News, Reviews and How to's.
Comments
Post a Comment