Dangerous new Android malware infects 11 million devices — here's what we know

News
By published

Supply chain attack originating from a compromised SDK infiltrated Play Store apps

malware
Image Credit: Flickr (Image credit: Shutterstock)

Cybersecurity researchers have revealed malware managed to sneak into the Google Play app store thanks to a compromised software development kit (SDK).

The malware, called Necro, ended up on at least 11 million devices, and quite possibly - a lot more, the team from Kaspersky noted. Necro infiltrated an advertising SDK named ‘Coral SDK’, which should have been used to integrate different advertising modules into an application. However, with steganography, the SDK deploys stage-two malware capable of a number of malicious activities, including loading ads through invisible WebView windows, downloading and running arbitrary JavaScript files, facilitating fraud, and rerouting malicious traffic.

Two seemingly legitimate applications picked up this SDK - a photo editing tool called Wuta Camera by 'Benqu,' and Max Browser by 'WA message recover-wamr.' The former has more than 10 million downloads, and the latter - one million.

Updating flawed apps

When Kaspersky discovered the malware and notified the developers - Wuta Camera was fixed, and the malware removed. If you are using this app by any chance, make sure to update it to version 6.3.7.138. Max Browser, on the other hand, is still compromised, and the researchers are suggesting deleting the app and switching to a different browser.

Google’s Play Store keeps track of, and displays, the number of downloads. Cumulatively, it is more than 11 million on the platform. However, compromised apps are being distributed through other means, too. Therefore, the number of compromised mobile endpoints is quite likely a lot bigger. Kaspersky found multiple other apps, distributed on third-party websites, carrying the Necro malware, including modded versions of WhatsApp (GBWhatsApp and FMWhatsApp), Spotify (Spotify Plus), Minecraft, Stumble Guys, and many others.

Google is usually very diligent when it comes to protecting its app repository, but even the strongest defenses can sometimes be breached. When downloading new apps, it would be wise not to blindly trust anything found on official stores. Instead, also look at the number of downloads, ratings, and reviews.

Via BleepingComputer

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Android phone malware
Screen reading malware found in iOS app stores for first time - and it might steal your cryptocurrency
Malware worm
Coordinated global mobile malware campaign targets banking apps and cryptocurrency platforms
A close-up photo of an iPhone, with the App Store icon prominent in the center of the image.
App stores are increasingly becoming a major security worry
mobile phone
Popular Android financial help app is actually dangerous malware
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
BadBox malware hit after infecting over 500,000 Android devices
Android phone malware
BADBOX malware hits 30,000 Android devices - make sure you update now
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Image showing detail of the Leica D-Lux 8
Still can't get a Fujifilm X100VI? This premium Leica compact costs less, and it's in stock
More about security
Data Breach

Thousands of healthcare records exposed online, including private patient information
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.

AI agents can be hijacked to write and send phishing attacks
Autonomous finance

Quickbooks vs Quicken: what are the main strengths and weaknesses for your business
See more latest
Most Popular
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Nokia 5G 360 Camera
This is the world's first 8K 5G 360 degrees camera - and it is also weatherproof
AI writer
Coding AI tells developer to write it himself
Data Breach
Thousands of healthcare records exposed online, including private patient information
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
Google Messages update
Google Messages could soon follow WhatsApp with an upgrade that makes it much easier to join group chats
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Nvidia RTX 6000
Details of Nvidia's fastest video card ever leak; RTX Pro 6000 Blackwell GPU will have 96GB GDDR7 ECC memory
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks