Dangerous new Android malware infects 11 million devices — here's what we know

malware
Image Credit: Flickr (Image credit: Shutterstock)

Cybersecurity researchers have revealed malware managed to sneak into the Google Play app store thanks to a compromised software development kit (SDK).

The malware, called Necro, ended up on at least 11 million devices, and quite possibly - a lot more, the team from Kaspersky noted. Necro infiltrated an advertising SDK named ‘Coral SDK’, which should have been used to integrate different advertising modules into an application. However, with steganography, the SDK deploys stage-two malware capable of a number of malicious activities, including loading ads through invisible WebView windows, downloading and running arbitrary JavaScript files, facilitating fraud, and rerouting malicious traffic.

Two seemingly legitimate applications picked up this SDK - a photo editing tool called Wuta Camera by 'Benqu,' and Max Browser by 'WA message recover-wamr.' The former has more than 10 million downloads, and the latter - one million.

Updating flawed apps

When Kaspersky discovered the malware and notified the developers - Wuta Camera was fixed, and the malware removed. If you are using this app by any chance, make sure to update it to version 6.3.7.138. Max Browser, on the other hand, is still compromised, and the researchers are suggesting deleting the app and switching to a different browser.

Google’s Play Store keeps track of, and displays, the number of downloads. Cumulatively, it is more than 11 million on the platform. However, compromised apps are being distributed through other means, too. Therefore, the number of compromised mobile endpoints is quite likely a lot bigger. Kaspersky found multiple other apps, distributed on third-party websites, carrying the Necro malware, including modded versions of WhatsApp (GBWhatsApp and FMWhatsApp), Spotify (Spotify Plus), Minecraft, Stumble Guys, and many others.

Google is usually very diligent when it comes to protecting its app repository, but even the strongest defenses can sometimes be breached. When downloading new apps, it would be wise not to blindly trust anything found on official stores. Instead, also look at the number of downloads, ratings, and reviews.

Via BleepingComputer

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.