11M devices infected with botnet malware hosted in Google Play
Researchers found 11 million devices infected with Necro malware from two Google Play apps, Wuta Camera and Max Browser, which used a malicious SDK. Users are advised to check for infection signs.
Researchers have discovered that 11 million devices have been infected with a botnet malware known as Necro, which was found in two apps on Google Play. This malware, which first emerged in 2019, infiltrated the platform through a malicious software development kit (SDK) used for advertising. The infected apps, Wuta Camera and Max Browser, utilized an unverified SDK that allowed for stealthy communication with attacker-controlled servers, enabling the upload of user data and the download of malicious code. The malware employs advanced techniques, including steganography, to conceal its operations and execute commands with elevated system rights. The modular design of Necro allows it to perform various malicious actions, including modifying URLs for paid subscriptions and downloading additional harmful payloads. Users are advised to check their devices for signs of infection, especially if they have downloaded the affected apps or similar modified versions from alternative marketplaces.
- 11 million devices infected with Necro malware via Google Play apps.
- The malware was introduced through a malicious SDK for advertising.
- Infected apps include Wuta Camera and Max Browser, with Wuta Camera having 10 million downloads.
- Necro uses advanced techniques like steganography and reflection attacks to execute commands.
- Users should check for indicators of compromise if they suspect infection.
Related
Mysterious family of malware hid in Google Play for years
A family of Android malware named Mandrake has been found in Google Play, evading detection for years. It steals credentials and executes malicious applications, highlighting challenges in malware detection.
New NGate Android malware uses NFC chip to steal credit card data
A new Android malware, NGate, exploits NFC technology to steal credit card data and PINs through social engineering. Users are advised to disable NFC and verify app sources for security.
Found: Android apps that use OCR to steal cryptocurrency credentials
Researchers found over 280 malicious Android apps using OCR technology to steal cryptocurrency wallet credentials. These apps disguise as legitimate services and are spreading from South Korea to the UK.
Void captures over a million Android TV boxes
Doctor Web reported that the Android.Vo1d malware has infected 1.3 million Android TV boxes worldwide, modifying system files for persistence, primarily affecting users in Brazil, Morocco, and Pakistan.
1.3M Android-Based TV Boxes Backdoored; Researchers Still Don't Know How
Researchers found Android.Vo1d malware infecting 1.3 million Android TV boxes globally, exploiting outdated systems. The source is unknown, with significant infections in Brazil, Morocco, and Russia.