11 Million Android Devices Infected: New Version of Necro Malware Spreads via Google Play Store

11 Million Android Devices Infected: New Version of Necro Malware Spreads via Google Play Store

A new wave of malware is on the loose! An updated version of the notorious Necro malware loader has reportedly infected 11 million Android devices through the Google Play Store.

The Necro Trojan sneaked into users' devices via malicious SDKs hidden in legitimate apps, popular game mods, and modified versions of apps like Spotify, Minecraft, and WhatsApp. If you're using any of these, stay alert and secure your device!

Numerous payloads will be installed on the compromised devices by Necro. After that, they will activate various malicious plugins, such as adware that uses invisible WebView windows to load links (Cube SDK, Island plugin), modules that download and run arbitrary JavaScript and DEX files (Jar SDK, Happy SDK), tools for facilitating subscription fraud (Happy SDK, Tap plugin, Web plugin), and systems that use compromised devices as proxies to route malicious traffic (NProxy plugin).

Their goal is that by install programs without the user's permission, running adverts in the background, and engaging with paid services, they hope to make money from advertisements.


The antivirus company Kaspersky uncovered the Necro loader, a malware that runs background advertisements, installs software without the user's permission, and communicates with premium services. Wuta Camera and Max Browser, two Google Play apps, both had it. Additionally, customized versions of well-known programs like WhatsApp and Spotify are used to distribute the Trojan.

Via https://www.bleepingcomputer.com/news/security/android-malware-necro-infects-11-million-devices-via-google-play/