You might think downloading an app from the Google Play Store is always safe. After all, Google claims it checks apps before making them available. And while the Play Store is generally more secure than other sources, it’s not foolproof. There have been multiple incidents where apps from the Play Store were infected with malware, despite Google’s efforts to protect users. Now, another case has come to light.
Necro Trojan Malware Found in Popular Apps
Security experts have discovered a new version of the Necro Trojan malware. It’s infecting apps from unofficial sources and even some on the Google Play Store. One of the infected apps has more than 10 million downloads, showing how widespread the issue is.
How Does Necro Infect Apps?
Researchers from Kaspersky’s Securelist believe the malware may have spread through a rogue software development kit (SDK). SDKs help developers add features like ads, analytics, or payment options to their apps. Unfortunately, if the SDK itself is compromised, it can introduce vulnerabilities to any app that uses it.
In this case, the Necro malware displayed ads in the background to generate revenue for the attackers. It also installed apps and APKs without users knowing and used hidden WebViews to interact with paid services. This resulted in fraudulent charges and a negative user experience.
Necro’s History
Necro isn’t new. It was first found in 2019 when it infected the popular CamScanner app, which had over 100 million downloads at the time. Now, it’s back, affecting a whole new set of apps.
Which Apps Are Affected?
Kaspersky’s researchers found several apps infected with the Necro Trojan. These apps were available on Google Play and had a combined total of over 11 million downloads. Two notable apps infected by Necro were:
1. Wuta Camera: A popular photo editing app with more than 10 million downloads. The malware was embedded starting with version 6.3.2.148. Even the latest version on Google Play, 6.3.6.148, contained the Trojan. After Kaspersky alerted Google, the malware was removed in version 6.3.7.138.
2. Max Browser: A web browser with over a million downloads. The Necro loader appeared in version 1.2.0, and Google removed the app after it was reported.
Researchers also found Necro in unofficial mods of popular apps like WhatsApp, Spotify (modded as “Spotify Plus”), and several games like Minecraft, Stumble Guys, and Melon Sandbox. These mods often promise premium services for free or extra features, but downloading them can introduce serious risks.
Android Malware: Google’s Response
Google acted quickly once it was alerted to the problem. The company removed the infected apps from the Play Store and provided the following statement:
“All of the malicious versions of the apps identified by this report were removed from Google Play prior to report publication. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”
How to Protect Yourself from Necro Android Malware
Here are four steps you can take to safeguard your device against Necro and other malware threats:
1. Install Strong Antivirus Software: Android has Play Protect, but it’s not always enough. Play Protect has missed malware before, including the Necro Trojan. Installing reputable antivirus software can help protect your device from harmful apps, phishing attempts, and ransomware. Consider using a highly rated antivirus solution that works on multiple devices, including Android, Windows, Mac, and iOS.
2. Download Apps from Trusted Sources: While the Play Store has security checks, it’s still safer than unofficial stores or third-party websites. Stick to downloading apps from Google Play, and avoid getting apps from unknown links, especially those sent via SMS or email. These can often lead to malicious downloads.
3. Check App Permissions Carefully: Be cautious when granting apps permissions. If an app asks for access to features that don’t seem necessary, such as requesting location access for a simple game, it could be suspicious. Avoid giving unnecessary permissions and don’t grant accessibility permissions unless absolutely needed. These permissions can give malware access to sensitive data.
4. Keep Your Device and Apps Updated: Regularly updating your phone and apps is crucial for staying safe. Updates often include security fixes that protect against newly discovered vulnerabilities. Outdated apps or systems can be easy targets for malware.
Malware Remains a Threat on Android
The Necro Trojan infection in apps like Wuta Camera and Max Browser shows how serious security issues can be, even on platforms like the Google Play Store. Over 11 million Android devices were affected, and this is just one example of the risks users face.
Mods, in particular, are a big target for malware. While they might seem like an easy way to get premium services for free, they often come with hidden dangers. And even though the Play Store has protections in place, it’s not completely safe either.
Google Must Improve
Google has made progress in keeping its Play Store secure, but incidents like these show there’s still work to do. The company should focus on stricter app review processes to prevent malware from slipping through the cracks. Users also need to stay vigilant, especially when downloading apps that seem too good to be true.
Interestingly, iPhones seem to face fewer malware issues compared to Android. This is likely due to Apple’s more controlled app ecosystem, but that doesn’t mean iPhone users are immune to threats. Both platforms require constant vigilance and smart security practices.
Conclusion
Android Malware like the Necro Trojan reminds us that no platform is completely safe. Whether you’re using Android or iOS, the best protection is staying cautious, keeping your software updated, and only downloading apps from trusted sources. By following these steps, you can reduce the risk of falling victim to malware and keep your personal data secure.