Android Malware 'Necro' Infects 11 Million Devices Through Google Play
Android malware 'Necro', delivered through a malicious SDK supply chain, has infected 11 million devices through Google Play.
Spotify, WhatsApp, and Minecraft mods infected via Android malware 'Necro'
Introduction:
A new variant of the **Necro malware** has recently infected **11 million Android devices** through Google Play. This malware is stealthily embedded in legitimate apps, posing a significant threat to millions of users worldwide.
The malware is delivered via malicious SDK supply chain attacks, impacting popular apps like Spotify, WhatsApp, and Minecraft mods. Here's a detailed breakdown of how the Necro malware operates and how users can stay safe.
The Spread of Necro Malware:
The Necro malware was installed through **malicious advertising software development kits (SDKs)** in legitimate apps, Android game mods, and modified versions of popular software.
The infected apps gained access to devices through the Google Play Store, which has long been considered a trusted platform. The malware leveraged apps like:
- **Spotify**
- **WhatsApp**
- **Minecraft**
Malicious SDKs inserted into these apps were responsible for installing Necro on unsuspecting users' devices.
How Necro Works: Payloads and Plugins:
Once Necro infects a device, it delivers several harmful payloads designed to exploit the system. Some of the primary malicious plugins activated include:
- **Adware:** Loads links through invisible WebView windows using the **Island** and **Cube** SDKs.
- **Malicious Code Execution:** Downloads and runs arbitrary JavaScript and DEX files using the Happy SDK and Jar SDK.
- **Subscription Fraud:** Engages in subscription fraud using the Web plugin, Happy SDK, and Tap plugin.
- **Malicious Traffic Routing:** Turns infected devices into proxies to route harmful traffic through the NProxy plugin.
These plugins give cybercriminals the ability to generate fraudulent revenue by running ads in the background, installing apps without user consent, and more.
Discovery and Impacted Apps:
**Kaspersky** identified two apps on Google Play that were infected by the Necro loader:
1. **Wuta Camera by Benqu** – A photo editing app with over 10 million downloads. Necro was present from version 6.3.2.148 to 6.3.6.148.
2. **Max Browser by WA Message Recover-WAMR** – A web browser with 1 million downloads. Necro was embedded in its latest version, 1.2.0.
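The two version ranges above are the only concrete indicators the article gives, so the practical first step for a fleet or family of devices is an inventory check against them. The script below is an added example, not Kaspersky's or Google's tooling: it compares Android-style dotted `versionName` strings component-wise (so `1.2` and `1.2.0` match) and flags any entry that falls inside an affected range. The page does not give the apps' package identifiers, so the inventory is keyed by the display names the article uses; a real inventory would be keyed by package id, for example from `adb shell dumpsys package <pkg>`, which prints the installed `versionName`. The sample inventory is constructed.

```python
"""Check an app inventory against the Necro-affected versions named in the
article. Added example; not Kaspersky's or Google's tooling. App names are
the article's display names because package ids are not on the page."""

# Affected ranges exactly as stated in the article (inclusive bounds).
# (app display name, first affected versionName, last affected versionName)
AFFECTED = [
    ("Wuta Camera", "6.3.2.148", "6.3.6.148"),
    ("Max Browser", "1.2.0", "1.2.0"),
]


def parse_version(v: str) -> tuple:
    """Split a dotted versionName into integer components. A non-numeric
    suffix such as '-beta' is dropped from the component it is attached to."""
    parts = []
    for piece in v.strip().split("."):
        digits = ""
        for ch in piece:
            if ch.isdigit():
                digits += ch
            else:
                break
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 comparing dotted versions component-wise; the
    shorter version is zero-padded so that 1.2 == 1.2.0."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    pa += (0,) * (n - len(pa))
    pb += (0,) * (n - len(pb))
    return (pa > pb) - (pa < pb)


def is_affected(app: str, version: str) -> bool:
    """True if the (app, version) pair lies inside a known affected range."""
    for name, lo, hi in AFFECTED:
        if name.lower() == app.lower():
            return compare_versions(version, lo) >= 0 and compare_versions(version, hi) <= 0
    return False


def check_inventory(inventory: dict) -> list:
    """Return the [(app, version)] entries that fall in an affected range."""
    return [(app, ver) for app, ver in inventory.items() if is_affected(app, ver)]


# Constructed sample inventory (not data from a real device).
SAMPLE_INVENTORY = {
    "Wuta Camera": "6.3.4.148",
    "Max Browser": "1.2.0",
    "Some Other App": "3.0.1",
}

if __name__ == "__main__":
    for app, ver in check_inventory(SAMPLE_INVENTORY):
        print(f"AFFECTED: {app} {ver}")
```

A match only means the installed build is one the article names as carrying the loader; an app outside the range is not thereby cleared, since the SDK could ship in other apps the page does not list.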
These apps were infected through an **advertising SDK called 'Coral SDK'**, which used sophisticated techniques like obfuscation and image steganography to conceal its activities. The malicious SDK downloaded the second-stage payload, disguised as harmless PNG images, further compromising devices.
Malicious Mods Outside Google Play:
In addition to Google Play apps, Necro spread through **modified versions of popular apps (mods)** distributed via unofficial websites. Some notable mods that were affected include:
- **GBWhatsApp** and **FMWhatsApp** – These WhatsApp mods promise enhanced privacy and file-sharing capabilities.
- **Spotify Plus** – A mod offering free, ad-free premium services.
- **Game Mods:** Infected mods for popular games like **Minecraft**, **Stumble Guys**, and **Car Parking Multiplayer** were also identified.
The behavior in all these cases remained consistent—displaying ads in the background, installing unauthorized apps, and using invisible WebViews to interact with paid services.
Google's Response:
Google acted swiftly to address the issue. All the infected versions of apps were removed from Google Play before the report was published. A Google spokesperson stated that **Google Play Protect**—Android's built-in malware defense system—provides automatic protection against known versions of the malware. **Google Play Protect** remains enabled by default on all Android devices, ensuring users are safeguarded even if they download apps from third-party sources.
Conclusion:
The **Necro malware** poses a severe risk to Android users, with over **11 million devices** affected globally. The malware’s infiltration through popular apps and unofficial mods highlights the importance of only downloading apps from trusted sources like Google Play.
Users must remain vigilant, uninstall any suspicious apps, and rely on Google Play Protect for added security. While Google has removed the infected apps, it is crucial for users to be proactive and avoid downloading modified apps from unreliable websites.
Content Image Source Courtesy:
https://www.bleepingcomputer.com/news/security/android-malware-necro-infects-11-million-devices-via-google-play/