11 Million Devices Infected with Botnet Malware Hosted in Google Play: A Detailed Overview



Introduction

Google Play, the trusted app store for Android devices, has faced multiple security breaches over the years. One of the most alarming is the infiltration of malware through legitimate apps. Recently, a new wave of malware, known as Necro, has emerged, affecting over 11 million devices. This article delves into how Necro infiltrated Google Play, the techniques it uses, and the consequences of its spread.

The Re-Emergence of Necro: A Familiar Threat

What is Necro Malware?

Necro is a notorious malware family known for its stealth and modular nature. First identified in 2019, Necro has evolved to become more sophisticated, with its latest version now using advanced methods like steganography (a technique that hides malicious data within seemingly harmless files) to infect devices. This malware is particularly dangerous because it can spread through legitimate apps available in Google Play, making it harder to detect and avoid.

Necro’s Infiltration of Google Play in 2019

In 2019, researchers discovered that a seemingly legitimate Android app on Google Play had been secretly infected with malware. This malware was embedded through a Software Development Kit (SDK) used by developers to generate advertising revenue. Once integrated into the app, the SDK allowed attackers to control infected devices, enabling them to download and execute hidden payloads. This caused millions of devices to be connected to attacker-controlled servers.

Necro's Return in 2024

Fast forward to 2024, and Necro is back, infecting over 11 million devices. This time, researchers from the security firm Kaspersky found that two popular apps—Wuta Camera and Max Browser—had been compromised. The malware was distributed through a malicious SDK, once again using legitimate apps as a vehicle for infection.

How Necro Malware Infects Devices

The Role of Malicious SDKs

Software Development Kits (SDKs) are essential tools for app developers, offering ready-made solutions for common tasks like displaying ads or managing user interactions. Unfortunately, these SDKs can be exploited, as was the case with Necro. The malicious SDK embedded in apps like Wuta Camera and Max Browser allowed attackers to remotely control infected devices. Once installed, the apps would communicate with attacker-controlled servers, downloading malicious code that could be executed at any time.

Stealthy Techniques: Steganography and Obfuscation

Necro uses sophisticated techniques to remain undetected. One of the standout methods is steganography, where malicious data is hidden within seemingly benign images. This method is rarely seen in mobile malware but was used by Necro to download additional payloads from attacker-controlled servers. By embedding malicious code within PNG images, the malware could evade detection by antivirus software.

The SDK module also employed obfuscation techniques, such as the use of the OLLVM tool, to hide its true purpose. Obfuscation makes the code more difficult to analyze, further complicating efforts to detect and remove the malware.

Command-and-Control Communication

Once the device is infected, it establishes communication with a command-and-control server. This server sends encrypted instructions to the infected device, which can include downloading additional payloads or executing specific tasks. The malware uses encrypted JSON data to transmit information about the compromised device, making it challenging for security researchers to trace and analyze its behavior.

The Impact of Necro Malware on Infected Devices

Adware and Subscription Fraud

One of the most immediate effects of Necro is the display of unwanted ads through invisible WebView windows. These ads are shown in the background, generating fraudulent revenue for the attackers without the user’s knowledge. Additionally, Necro can facilitate subscription fraud, where users are unknowingly signed up for paid services, racking up charges on their accounts.

Elevated System Privileges

Necro is designed to operate with elevated system privileges, giving it significant control over the infected device. This includes the ability to download and execute arbitrary code, modify system files, and bypass security measures. By exploiting vulnerabilities in Android’s WebView component, Necro can run malicious code with enhanced privileges, further increasing its ability to cause harm.

Infected Devices as Proxies for Malicious Traffic

Another concerning feature of Necro is its ability to turn infected devices into proxies for routing malicious traffic. This makes it harder for law enforcement and cybersecurity experts to trace the origin of attacks, as the malicious activity appears to come from legitimate devices scattered around the world.

Which Apps Were Infected?

Wuta Camera

One of the apps identified as being infected with Necro was Wuta Camera, a popular photo editing app with over 10 million downloads. The malicious SDK was embedded in versions 6.3.2.148 through 6.3.6.148. Although the app has since been updated to remove the malware, any device that installed these versions remains at risk of infection.

Max Browser

Another app compromised by Necro was Max Browser, a web browsing app with over 1 million downloads. Unlike Wuta Camera, Max Browser was removed from Google Play following Kaspersky’s report. However, users who had already downloaded the app remain vulnerable, as no clean version is available for upgrade.

Necro Beyond Google Play

Infection via Modified Versions of Popular Apps

While Google Play remains a significant distribution channel for Necro, the malware has also spread through modified versions of popular apps. These “mods” are often found on unofficial app stores and websites, promising enhanced features like ad-free Spotify or modified versions of WhatsApp with extended privacy settings. In reality, these modified apps often come bundled with Necro malware, infecting unsuspecting users who download them.

High-Risk Apps Identified

Some of the high-risk apps identified by researchers include:

  • GBWhatsApp and FMWhatsApp: Modified versions of WhatsApp with extended file-sharing limits and enhanced privacy features.
  • Spotify Plus: A modified version of Spotify that promises free, ad-free premium access.
  • Minecraft Mods: Mods for popular games like Minecraft, Stumble Guys, and Car Parking Multiplayer that are infected with Necro.

These apps are often distributed through unofficial websites, making it difficult to track the full extent of the infections.

How to Protect Your Device from Necro

Uninstall Infected Apps

If you have downloaded Wuta Camera or Max Browser, the first step is to uninstall the app immediately. This will prevent further malicious activity and stop the malware from spreading to other apps or devices.

Run a Security Scan

Next, run a security scan using a reputable antivirus app. Many antivirus programs can detect and remove Necro and its associated payloads, helping to clean your device of any lingering malware.

Enable Google Play Protect

Google Play Protect is a built-in security feature that scans apps for malware before they are installed. Make sure this feature is enabled to help prevent future infections. If you have disabled it for any reason, now is the time to turn it back on.

Be Wary of Third-Party App Stores

Avoid downloading apps from third-party app stores or unofficial websites. These sources are not subject to the same security standards as Google Play, making them more likely to distribute malware-infected apps.

Conclusion

The re-emergence of Necro malware highlights the growing sophistication of mobile malware threats. With 11 million devices infected through Google Play, it’s clear that even trusted platforms are not immune to malware attacks. By understanding how Necro operates and taking steps to protect your device, you can reduce your risk of falling victim to this dangerous malware.

FAQs

1. What is Necro malware?

Necro is a family of malware that targets Android devices. It spreads through legitimate apps, infecting devices by embedding malicious code into the app’s SDK.

2. How does Necro infect devices?

Necro infects devices through legitimate apps, primarily using malicious SDKs. It can also spread through modified versions of popular apps available on unofficial app stores.

3. What should I do if I think my device is infected?

If you suspect your device is infected, uninstall any apps you believe may be compromised, run a security scan using a reputable antivirus program, and ensure that Google Play Protect is enabled.

4. How does Necro use steganography?

Necro uses steganography to hide malicious code within images. This makes it more difficult for antivirus programs to detect the malware, as it appears to be part of a harmless image file.

5. Are apps on Google Play safe?

While Google Play is generally considered safe, it’s not immune to malware. Always check app reviews and permissions, and enable Google Play Protect to add an extra layer of security.

Source: Google News

Read more blogs: Alitech Blog

www.hostingbyalitech.com

www.patriotsengineering.com

www.engineer.org.pk

Posted in News on Sep 24, 2024



How an App on Your Smartwatch Could Help You Quit Smoking

Posted in News on Jan 02, 2025

Researchers at the University of Bristol have developed an innovative app for Android smartwatches to help smokers quit. The app detects specific hand movements associated with smoking and delivers supportive messages to the user, providing a gentle nudge to avoid lighting up



Cheap Web Hosting in Pakistan: Your Ultimate Guide

Posted in Hosting Promotions on Jun 07, 2024

Looking for affordable web hosting solutions in Pakistan? Dive into our comprehensive guide to find the best options for your website without breaking the bank.



New Samsung Update Warning for Millions of Galaxy Owners: Check Your Phone Now

Posted in News on Oct 28, 2024

Samsung Galaxy owners are facing increased security risks due to delayed software updates and newly discovered vulnerabilities. October's security patch addressed some critical threats, particularly for devices using Exynos processors, but a new vulnerability in Qualcomm chipsets has emerged. Galaxy users should urgently update their devices to protect personal data from unauthorized access. In this blog, learn about Samsung's latest security concerns, including Amnesty International's warnings on targeted attacks and CISA's latest updates. Staying proactive with software updates is essential to keep your device secure in today’s digital landscape.



CES 2025: Everything You Need to Know About the Biggest Tech Show

Posted in News on Jan 03, 2025

CES 2025 is set to unveil groundbreaking innovations in technology, from AI advancements to the latest in electric vehicles and smart home devices. Industry leaders like Nvidia and AMD are expected to showcase their newest GPU technologies, while startups present revolutionary solutions for the future. This year, sustainability and AI-powered gadgets take center stage, offering a glimpse into the future of tech. Whether it's the next-gen display technologies, autonomous systems, or wellness trackers, CES 2025 promises to be a hub of excitement and new ideas that could redefine how we live and interact with technology.



New XEC Covid Variant Spreads To 27 Countries: Here's What We Know So Far

Posted in News on Sep 18, 2024

The new Covid-19 variant, XEC, has been making waves since its initial discovery in Germany this June. A hybrid of the omicron subvariants KS.1.1 and KP.3.3, XEC has now been detected in 27 countries, with around 500 samples identified worldwide. This variant has shown a marked increase in transmissibility, leading scientists to monitor its spread closely. While symptoms of XEC resemble those of earlier variants—such as fever, sore throat, and body aches—existing vaccines are expected to provide strong protection against severe illness. With XEC potentially becoming the dominant strain this winter, staying updated with vaccinations and maintaining good hygiene practices are crucial for staying protected.



[SOLVED / FIXED] : File Explorer is crashing on right click Windows 10 | Windows 8 | Windows 7 | Windows XP

Posted in Technical Solutions on Apr 01, 2021

[SOLVED] : File Explorer is crashing on right click Windows 10 Issue: When you right click on File Explorer sidebar with Windows Explorer / File Explorer crashes.



AliTech WordPress Hosting: Unmatched Performance for Your WordPress Sites 2024

Posted in About Hosting by AliTech on Aug 22, 2024

Explore the benefits of AliTech WordPress Hosting, designed for extreme performance and reliability. With SSD storage, instant provisioning, and guaranteed resources, AliTech offers tailored hosting solutions to meet the needs of any WordPress site. Whether you're starting with the Bronze plan or scaling up to Titanium, discover how AliTech provides the power and flexibility to keep your site running smoothly and efficiently.



Choosing an SEO-Friendly Domain Name

Posted in Uncategorized on Jul 30, 2024

Choosing an SEO-friendly domain name is crucial for your website's success. This comprehensive guide explores the importance of domain names in SEO, provides actionable tips for selecting the best domain, and shares strategies to enhance your domain's SEO performance. Discover how to pick the right keywords, the benefits of short and simple domain names, and the role of trustworthy domain extensions. Learn how to create valuable content, build backlinks, and brand your domain effectively. Get insights into competitor domain analysis and whether you need to change your domain name for better SEO results.



Can Renewable Energy Really Fix the Global Energy Crisis?

Posted in News on Jan 10, 2025

Renewable energy offers a transformative potential to address the global energy crisis by leveraging sustainable resources like solar, wind, and hydropower. While advancements in technology and infrastructure have made clean energy more accessible and affordable, challenges such as intermittency, high initial costs, and outdated grids remain. Innovations like battery energy storage, decentralized grids, and agrivoltaics are helping to overcome these hurdles, paving the way for a greener, more reliable energy future. However, a comprehensive approach combining renewable energy, policy support, and technological breakthroughs is essential to create a sustainable and resilient global energy system.



Realme 13+ 5G Launched Today in Pakistan

Posted in News on Nov 18, 2024

The Realme 13+ 5G has officially launched in Pakistan, bringing an impressive array of features tailored for gamers, photography enthusiasts, and tech-savvy users. With the latest Dimensity 7300 Energy 5G chipset, a massive 26GB dynamic RAM, and a stunning 120Hz OLED display, this smartphone redefines performance and user experience. Its 50MP Sony LYT-600 OIS camera ensures professional-quality photography, while the 80W SUPERVOOC Charge provides unparalleled convenience for on-the-go lifestyles. Available from November 25th for PKR 89,999, the Realme 13+ 5G is set to be a game-changer in the mid-range smartphone market.



Meet Autumn 2024 Alibaba Cloud MVPs: A Spotlight on Farhan Ali Shah

Posted in News on Oct 01, 2024

The Autumn 2024 Alibaba Cloud MVP Program proudly welcomes a group of talented professionals, including Farhan Ali Shah, Director at AliTech Solutions. This article highlights their achievements and contributions to the cloud computing community. Alibaba Cloud MVPs are recognized for their expertise and commitment to sharing knowledge, playing a crucial role in driving digital transformation and innovation. Join us as we celebrate these leaders who are shaping the future of technology through their dedication and passion for cloud solutions.



CES 2025: Samsung’s AI Robot Ballie Ready to Roll in 2025

Posted in News on Jan 07, 2025

Samsung’s AI-powered robot Ballie, a bright yellow rolling companion, is set to transform smart home technology in 2025. First introduced as a concept in 2020, Ballie combines cutting-edge AI personalization, advanced sensors, and seamless integration with smart home systems. Equipped with a built-in projector and Vision AI, it tailors its functions to suit individual lifestyles. From entertaining with movies and games to controlling devices through voice commands, Ballie acts as a versatile and interactive home assistant. Its official release marks a significant milestone in AI-driven living, offering a glimpse into the future of smarter, more connected homes.



Apple lands most profitable quarter of 2021

Posted in News on Jan 30, 2021

Revenue up 21 percent and EPS up 35 percent to new all-time records. Apple reported its largest-ever quarter when measured by revenue with $111.4 billion in Q4 revenue. This is impressive! Apple Inc cornered nearly a quarter of the global smartphone market in the fourth quarter, making it the world’s biggest seller. I still remember the discussions of not too long ago when many pundits questioned Apple’s iPhone strategy and future potential. Well... I guess here’s the answer!



Next-Gen VPS Servers

Posted in Uncategorized on Jul 04, 2024

Next-Gen VPS servers are revolutionizing the web hosting industry by offering unparalleled performance, scalability, and security. These servers utilize advanced technologies like high-speed SSD storage and optimized resource allocation to provide superior performance compared to traditional VPS. Ideal for hosting websites, running e-commerce platforms, and application development, Next-Gen VPS servers offer a cost-effective and flexible solution for businesses and developers. Discover the benefits and features of Next-Gen VPS servers and why they are the future of web hosting.



Understanding Next-Gen SDD Web Hosting and Its Benefits

Posted in Uncategorized on Jun 26, 2024

Discover the future of web hosting with Next-Gen SDD Web Hosting, featuring cutting-edge technology for enhanced speed and security. Learn how cPanel streamlines website management, and GMail Accounts enhance business communication. Additionally, explore the benefits of unlimited hosting plans, SFTP and SSL certificates for data security, Google G Suite for productivity, and web and app development for business growth. Finally, understand how SEO and SEM strategies optimize visibility, and digital marketing harnesses online potential.



ACME now uses ZeroSSL, here is what you need to do for your CyberPanel

Posted in Technical Solutions on Jun 07, 2024

Learn how to set up ZeroSSL for your CyberPanel as ACME now requires email registration. Follow this step-by-step guide to ensure smooth SSL configuration.



Gmail Users at Risk from AI-Powered Cyberattacks

Posted in News on Oct 14, 2024

In a rapidly evolving digital landscape, Gmail users are facing a new and alarming threat: AI-powered cyberattacks. These sophisticated scams leverage advanced technology to create realistic impersonations of Google support calls, tricking unsuspecting individuals into revealing personal information. This blog delves into the details of these AI-driven scams, sharing real-life accounts of victims and expert insights on how these tactics work. Through engaging narratives and practical advice, the blog aims to raise awareness about the importance of cybersecurity in the age of AI. Readers will learn how to identify suspicious communications, the significance of enabling robust security features, and essential steps to protect their accounts from phishing attempts. As cybercriminals continue to refine their techniques, staying informed and vigilant is more crucial than ever.



Tips For Minimizing Website Downtime

Posted in Technical Solutions on Jul 02, 2024

Learn effective strategies to minimize website downtime and ensure continuous online presence.




Other Blogs


How an App on Your Smartwatch Could Help You Quit Smoking

Posted in News on Jan 02, 2025 and updated on Jan 02, 2025

Cheap Web Hosting in Pakistan: Your Ultimate Guide

Posted in Hosting Promotions on Jun 07, 2024 and updated on Jun 07, 2024

New Samsung Update Warning for Millions of Galaxy Owners: Check Your Phone Now

Posted in News on Oct 28, 2024 and updated on Oct 28, 2024

CES 2025: Everything You Need to Know About the Biggest Tech Show

Posted in News on Jan 03, 2025 and updated on Jan 03, 2025

New XEC Covid Variant Spreads To 27 Countries: Here's What We Know So Far

Posted in News on Sep 18, 2024 and updated on Sep 18, 2024

Choosing an SEO-Friendly Domain Name

Posted in Uncategorized on Jul 30, 2024 and updated on Jul 30, 2024

Can Renewable Energy Really Fix the Global Energy Crisis?

Posted in News on Jan 10, 2025 and updated on Jan 10, 2025

Realme 13+ 5G Launched Today in Pakistan

Posted in News on Nov 18, 2024 and updated on Nov 18, 2024

Meet Autumn 2024 Alibaba Cloud MVPs: A Spotlight on Farhan Ali Shah

Posted in News on Oct 01, 2024 and updated on Oct 01, 2024

CES 2025: Samsung’s AI Robot Ballie Ready to Roll in 2025

Posted in News on Jan 07, 2025 and updated on Jan 07, 2025

Apple lands most profitable quarter of 2021

Posted in News on Jan 30, 2021 and updated on Aug 26, 2022

Next-Gen VPS Servers

Posted in Uncategorized on Jul 04, 2024 and updated on Jul 04, 2024

Understanding Next-Gen SDD Web Hosting and Its Benefits

Posted in Uncategorized on Jun 26, 2024 and updated on Jun 26, 2024

Gmail Users at Risk from AI-Powered Cyberattacks

Posted in News on Oct 14, 2024 and updated on Oct 14, 2024

Tips For Minimizing Website Downtime

Posted in Technical Solutions on Jul 02, 2024 and updated on Jul 02, 2024

Next-Gen VPS Servers

Posted in Uncategorized on Jul 04, 2024

Next-Gen VPS Servers

Posted in Uncategorized on Jul 04, 2024







Comments

Please sign in to comment!






Subscribe To Our Newsletter

Stay in touch with us to get latest news and discount coupons