Published in News

Kaspersky finds new strain of Google Play malware

by on24 September 2024
Kaspersky finds new strain of Google Play malware


Necro back from the dead

Five years ago, Kaspersky researchers found a legitimate Android app in the Google Play market had been made malicious by a library the developers used to earn advertising revenue.

Dubbed Necro, the app was infected with code that caused 100 million infected devices to connect to attacker-controlled servers and download secret payloads.

Now, the same Kaspersky team has found two new apps, downloaded from Play 11 million times, infected with the same malware family. The researchers from Kaspersky believe a malicious software developer kit for integrating advertising capabilities is once again responsible.

The researchers found Necro in two Google Play apps. One was Wuta Camera, an app with 10 million downloads to date. Wuta Camera versions 6.3.2.148 through 6.3.6.148 contained the malicious SDK that infects apps.

The app has since been updated to remove the malicious component. A separate app with roughly 1 million downloads —Max Browser—was also infected. That app is no longer available on Google Play.

The researchers also found Necro infecting a variety of Android apps available in alternative marketplaces. Those apps typically billed themselves as modified versions of legitimate apps such as Spotify, Minecraft, WhatsApp, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox.

Last modified on 24 September 2024
Rate this item
(0 votes)
More in this category: « Start-up launches another form of sauce Amazon, Meta, and Tesla are enemies of democracy »
back to top

Most popular

Latest comments