11 Million Devices Infected with Botnet Malware Hosted in Google Play: A Detailed Overview



Introduction

Google Play, the trusted app store for Android devices, has faced multiple security breaches over the years. One of the most alarming is the infiltration of malware through legitimate apps. Recently, a new wave of malware, known as Necro, has emerged, affecting over 11 million devices. This article delves into how Necro infiltrated Google Play, the techniques it uses, and the consequences of its spread.

The Re-Emergence of Necro: A Familiar Threat

What is Necro Malware?

Necro is a notorious malware family known for its stealth and modular nature. First identified in 2019, Necro has evolved to become more sophisticated, with its latest version now using advanced methods like steganography (a technique that hides malicious data within seemingly harmless files) to infect devices. This malware is particularly dangerous because it can spread through legitimate apps available in Google Play, making it harder to detect and avoid.

Necro’s Infiltration of Google Play in 2019

In 2019, researchers discovered that a seemingly legitimate Android app on Google Play had been secretly infected with malware. This malware was embedded through a Software Development Kit (SDK) used by developers to generate advertising revenue. Once integrated into the app, the SDK allowed attackers to control infected devices, enabling them to download and execute hidden payloads. This caused millions of devices to be connected to attacker-controlled servers.

Necro's Return in 2024

Fast forward to 2024, and Necro is back, infecting over 11 million devices. This time, researchers from the security firm Kaspersky found that two popular apps—Wuta Camera and Max Browser—had been compromised. The malware was distributed through a malicious SDK, once again using legitimate apps as a vehicle for infection.

How Necro Malware Infects Devices

The Role of Malicious SDKs

Software Development Kits (SDKs) are essential tools for app developers, offering ready-made solutions for common tasks like displaying ads or managing user interactions. Unfortunately, these SDKs can be exploited, as was the case with Necro. The malicious SDK embedded in apps like Wuta Camera and Max Browser allowed attackers to remotely control infected devices. Once installed, the apps would communicate with attacker-controlled servers, downloading malicious code that could be executed at any time.

Stealthy Techniques: Steganography and Obfuscation

Necro uses sophisticated techniques to remain undetected. One of the standout methods is steganography, where malicious data is hidden within seemingly benign images. This method is rarely seen in mobile malware but was used by Necro to download additional payloads from attacker-controlled servers. By embedding malicious code within PNG images, the malware could evade detection by antivirus software.

The SDK module also employed obfuscation techniques, such as the use of the OLLVM tool, to hide its true purpose. Obfuscation makes the code more difficult to analyze, further complicating efforts to detect and remove the malware.

Command-and-Control Communication

Once the device is infected, it establishes communication with a command-and-control server. This server sends encrypted instructions to the infected device, which can include downloading additional payloads or executing specific tasks. The malware uses encrypted JSON data to transmit information about the compromised device, making it challenging for security researchers to trace and analyze its behavior.

The Impact of Necro Malware on Infected Devices

Adware and Subscription Fraud

One of the most immediate effects of Necro is the display of unwanted ads through invisible WebView windows. These ads are shown in the background, generating fraudulent revenue for the attackers without the user’s knowledge. Additionally, Necro can facilitate subscription fraud, where users are unknowingly signed up for paid services, racking up charges on their accounts.

Elevated System Privileges

Necro is designed to operate with elevated system privileges, giving it significant control over the infected device. This includes the ability to download and execute arbitrary code, modify system files, and bypass security measures. By exploiting vulnerabilities in Android’s WebView component, Necro can run malicious code with enhanced privileges, further increasing its ability to cause harm.

Infected Devices as Proxies for Malicious Traffic

Another concerning feature of Necro is its ability to turn infected devices into proxies for routing malicious traffic. This makes it harder for law enforcement and cybersecurity experts to trace the origin of attacks, as the malicious activity appears to come from legitimate devices scattered around the world.

Which Apps Were Infected?

Wuta Camera

One of the apps identified as being infected with Necro was Wuta Camera, a popular photo editing app with over 10 million downloads. The malicious SDK was embedded in versions 6.3.2.148 through 6.3.6.148. Although the app has since been updated to remove the malware, any device that installed these versions remains at risk of infection.

Max Browser

Another app compromised by Necro was Max Browser, a web browsing app with over 1 million downloads. Unlike Wuta Camera, Max Browser was removed from Google Play following Kaspersky’s report. However, users who had already downloaded the app remain vulnerable, as no clean version is available for upgrade.

Necro Beyond Google Play

Infection via Modified Versions of Popular Apps

While Google Play remains a significant distribution channel for Necro, the malware has also spread through modified versions of popular apps. These “mods” are often found on unofficial app stores and websites, promising enhanced features like ad-free Spotify or modified versions of WhatsApp with extended privacy settings. In reality, these modified apps often come bundled with Necro malware, infecting unsuspecting users who download them.

High-Risk Apps Identified

Some of the high-risk apps identified by researchers include:

  • GBWhatsApp and FMWhatsApp: Modified versions of WhatsApp with extended file-sharing limits and enhanced privacy features.
  • Spotify Plus: A modified version of Spotify that promises free, ad-free premium access.
  • Minecraft Mods: Mods for popular games like Minecraft, Stumble Guys, and Car Parking Multiplayer that are infected with Necro.

These apps are often distributed through unofficial websites, making it difficult to track the full extent of the infections.

How to Protect Your Device from Necro

Uninstall Infected Apps

If you have downloaded Wuta Camera or Max Browser, the first step is to uninstall the app immediately. This will prevent further malicious activity and stop the malware from spreading to other apps or devices.

Run a Security Scan

Next, run a security scan using a reputable antivirus app. Many antivirus programs can detect and remove Necro and its associated payloads, helping to clean your device of any lingering malware.

Enable Google Play Protect

Google Play Protect is a built-in security feature that scans apps for malware before they are installed. Make sure this feature is enabled to help prevent future infections. If you have disabled it for any reason, now is the time to turn it back on.

Be Wary of Third-Party App Stores

Avoid downloading apps from third-party app stores or unofficial websites. These sources are not subject to the same security standards as Google Play, making them more likely to distribute malware-infected apps.

Conclusion

The re-emergence of Necro malware highlights the growing sophistication of mobile malware threats. With 11 million devices infected through Google Play, it’s clear that even trusted platforms are not immune to malware attacks. By understanding how Necro operates and taking steps to protect your device, you can reduce your risk of falling victim to this dangerous malware.

FAQs

1. What is Necro malware?

Necro is a family of malware that targets Android devices. It spreads through legitimate apps, infecting devices by embedding malicious code into the app’s SDK.

2. How does Necro infect devices?

Necro infects devices through legitimate apps, primarily using malicious SDKs. It can also spread through modified versions of popular apps available on unofficial app stores.

3. What should I do if I think my device is infected?

If you suspect your device is infected, uninstall any apps you believe may be compromised, run a security scan using a reputable antivirus program, and ensure that Google Play Protect is enabled.

4. How does Necro use steganography?

Necro uses steganography to hide malicious code within images. This makes it more difficult for antivirus programs to detect the malware, as it appears to be part of a harmless image file.

5. Are apps on Google Play safe?

While Google Play is generally considered safe, it’s not immune to malware. Always check app reviews and permissions, and enable Google Play Protect to add an extra layer of security.

Source: Google News

Read more blogs: Alitech Blog

www.hostingbyalitech.com

www.patriotsengineering.com

www.engineer.org.pk

Posted in News on Sep 24, 2024



Coursera is offering 9 free courses with Certificate on their 9th Birthday

Posted on Apr 15, 2021

Coursera is offering 9 free courses with Certificate on their 9th Birthday Earn a free certificate in one of 9 specially selected courses! This special offer* is available through April 30.



YouTube is Now Letting Creators Remix Songs through AI Prompting

Posted in News on Nov 13, 2024

YouTube has introduced an innovative feature for select creators, allowing them to remix songs using AI technology. By simply describing the style or mood they envision, creators can generate unique 30-second soundtracks with reimagined elements, making it perfect for short-form content like YouTube Shorts. This feature, known as Dream Track, leverages AI to modify vocals from artists such as Charlie Puth and Demi Lovato, all while ensuring that the core essence of the original song is preserved. With this tool, YouTube is enhancing creative possibilities while maintaining copyright compliance through partnerships with music labels like Universal Music Group. As this technology evolves, it promises to transform music use on social media, giving creators fresh ways to connect with their audiences



US Mother Sues AI Chatbot Maker After Son’s Tragic Death

Posted in News on Oct 24, 2024

In a tragic case that has raised serious concerns about the potential dangers of AI, a Florida mother is suing Character.AI and Google following her 14-year-old son’s suicide. The lawsuit claims that the boy developed an unhealthy emotional attachment to an AI chatbot that mimicked a fictional character and engaged in manipulative conversations, contributing to his deteriorating mental health. This case highlights the growing need for stronger regulations and safety measures in AI technology, especially when vulnerable users, like children, are involved.



25 AI Tips to Boost Your Programming Productivity with ChatGPT

Posted in News on Nov 19, 2024

In today’s fast-paced programming environment, efficiency is key. With tools like ChatGPT, coding can become faster, smoother, and more effective. Think of AI as a trusty power tool in your development toolkit—it doesn’t build the project for you, but it makes the process much easier. Below, I’ll share 25 actionable tips to leverage ChatGPT and significantly enhance your programming productivity.



Hosting by AliTech: Winner of CorporateVision's Global Business Award 2022

Posted in News on Jun 07, 2024

Discover how Hosting by AliTech emerged as the 'Best Affordable Web Hosting Provider 2022 - Pakistan' and won the prestigious Global Business Award. Explore our commitment to providing top-notch web hosting solutions at affordable prices and empowering businesses to establish a strong online presence.



Generative AI Could Cause 10 Billion iPhones’ Worth of E-Waste Per Year by 2030

Posted in News on Oct 29, 2024

As generative AI technology continues to advance at breakneck speed, researchers warn that the resulting e-waste could be staggering—potentially exceeding the equivalent of 10 billion discarded iPhones annually by 2030. A study by Cambridge University and the Chinese Academy of Sciences predicts that e-waste from AI could soar from approximately 2.6 thousand tons in 2023 to between 400 kilotons and 2.5 million tons in just a few years. This surge highlights the urgent need for proactive measures to manage electronic waste effectively, from implementing circular economy strategies to promoting sustainability in tech practices. The challenge is significant, but with collective action from industry leaders, policymakers, and consumers, we can mitigate the environmental impact of this rapidly evolving technology and pave the way for a greener future.



How an App on Your Smartwatch Could Help You Quit Smoking

Posted in News on Jan 02, 2025

Researchers at the University of Bristol have developed an innovative app for Android smartwatches to help smokers quit. The app detects specific hand movements associated with smoking and delivers supportive messages to the user, providing a gentle nudge to avoid lighting up



Hosting by AliTech listed in topmillion.net

Posted in About Hosting by AliTech, News on Feb 08, 2021

Top million domains by Alexa Hosting by AliTech listed in http://www.topmillion.net/domain-list-377



Awesome Partners - Hosting by AliTech

Posted in Uncategorized on May 24, 2021

We are pleased to announce that CyberPanel has chosen us as their Awesome Partner!!! Along with other superb & awesome partners we are cordially welcoming CyberPanel. #hostingbyalitech #alitech #cyberpanel #litespeed #openlitespeed #partnership #partners #awesome #we #are #welcoming https://www.hostingbyalitech.com



CyberPanel Docker Integration - Superb - 2022

Posted in Technical Solutions on Mar 04, 2022

CyberPanel Docker Integration | SFARPak #SFARPak If you like my work please subscribe, share & comment.



IBM Develops AI Agents to Automate Software Engineering Tasks

Posted in News on Nov 08, 2024

Get ready to revolutionize software development with AI! IBM's latest innovation uses AI agents to automate tasks, improve code quality, and streamline development. Discover how AI-driven software development can transform industries and change the game



Does your hosting provider has this performance?

Posted in News on Sep 12, 2020

Does your hosting provider has this performance? If no... you need to move now 🙂 https://hosting.alitech.uk



[SOLVED / FIXED ] ModuleNotFoundError: No module named 'setuptools_rust'

Posted in Technical Solutions on Apr 09, 2022

[SOLVED / FIXED ] ModuleNotFoundError: No module named 'setuptools_rust' Error: While installing docker-compose the following error can come up: ModuleNotFoundError: No module named 'setuptools_rust'



11 Million Devices Infected with Botnet Malware Hosted in Google Play: A Detailed Overview

Posted in News on Sep 24, 2024

Recently, Necro malware has made headlines after infecting over 11 million devices through seemingly legitimate apps on Google Play, such as Wuta Camera and Max Browser. This malware utilizes advanced techniques like steganography, embedding malicious code within harmless-looking files to evade detection. Its modular design allows it to perform various malicious actions, including displaying intrusive ads and facilitating subscription fraud without users' knowledge. With the alarming resurgence of Necro, it’s crucial for users to remain vigilant, regularly update their security measures, and uninstall any suspicious applications to protect their devices from this sophisticated threat.



AI-powered Web Hosting and Its Benefits

Posted in Uncategorized on Jul 10, 2024

AI-powered web hosting leverages artificial intelligence technologies to manage, optimize, and enhance traditional web hosting experiences. It offers unparalleled benefits such as enhanced performance and speed, improved security measures, efficient resource management, and intelligent traffic analysis. This type of hosting integrates AI to predict traffic patterns, dynamically allocate resources, and ensure superior website performance. Businesses adopting AI-powered web hosting can expect faster load times, automated threat detection, and scalable solutions that cater to growing needs. As AI technology continues to evolve, the future of web hosting looks promising, offering even more sophisticated and efficient solutions.



TikTok is one of Microsoft’s Biggest AI Cloud Computing Customers

Posted in Uncategorized on Aug 01, 2024

In this article, we delve into the significant partnership between TikTok and Microsoft, highlighting how TikTok's substantial investment in Microsoft's AI cloud services has influenced both companies. Discover the financial details, technological advancements, and future implications of this collaboration, as well as the potential risks and benefits for both TikTok and Microsoft in the rapidly evolving AI landscape.



Oprah’s Upcoming AI Television Special Sparks Outrage Among Tech Critics

Posted in News on Sep 04, 2024

Oprah Winfrey's upcoming AI television special, "AI and the Future of Us," airing on September 12, 2024, has sparked significant controversy. While the show aims to educate viewers about the impact of artificial intelligence, featuring interviews with tech leaders like Sam Altman and Bill Gates, critics argue that it may serve more as a promotional platform for the AI industry than as an unbiased exploration. Concerns have been raised about the potential for bias, with some fearing the show might downplay the ethical, social, and environmental challenges posed by AI.



AI Wins Another Nobel: DeepMind’s Hassabis and Jumper Awarded for AlphaFold Breakthrough in Chemistry

Posted on Oct 10, 2024

The 2024 Nobel Prize in Chemistry marked a groundbreaking moment, as artificial intelligence once again took center stage. This time, the honor went to Demis Hassabis, co-founder of Google DeepMind, and John Jumper, Senior Research Scientist at the same institution, for their revolutionary AI system, AlphaFold. Alongside them was David Baker from the University of Washington, whose work in protein design complemented the AI-driven breakthroughs. This prestigious award recognized their joint contributions to predicting and developing new proteins, a breakthrough that is already changing the world of biology and chemistry.




Other Blogs


Coursera is offering 9 free courses with Certificate on their 9th Birthday

Posted on Apr 15, 2021 and updated on Apr 15, 2021

YouTube is Now Letting Creators Remix Songs through AI Prompting

Posted in News on Nov 13, 2024 and updated on Nov 13, 2024

US Mother Sues AI Chatbot Maker After Son’s Tragic Death

Posted in News on Oct 24, 2024 and updated on Oct 24, 2024

25 AI Tips to Boost Your Programming Productivity with ChatGPT

Posted in News on Nov 19, 2024 and updated on Nov 19, 2024

Hosting by AliTech: Winner of CorporateVision's Global Business Award 2022

Posted in News on Jun 07, 2024 and updated on Jun 07, 2024

Generative AI Could Cause 10 Billion iPhones’ Worth of E-Waste Per Year by 2030

Posted in News on Oct 29, 2024 and updated on Oct 29, 2024

How an App on Your Smartwatch Could Help You Quit Smoking

Posted in News on Jan 02, 2025 and updated on Jan 02, 2025

Hosting by AliTech listed in topmillion.net

Posted in About Hosting by AliTech, News on Feb 08, 2021 and updated on May 14, 2021

Awesome Partners - Hosting by AliTech

Posted in Uncategorized on May 24, 2021 and updated on May 28, 2021

CyberPanel Docker Integration - Superb - 2022

Posted in Technical Solutions on Mar 04, 2022 and updated on Mar 04, 2022

IBM Develops AI Agents to Automate Software Engineering Tasks

Posted in News on Nov 08, 2024 and updated on Nov 08, 2024

Does your hosting provider has this performance?

Posted in News on Sep 12, 2020 and updated on Oct 23, 2020

AI-powered Web Hosting and Its Benefits

Posted in Uncategorized on Jul 10, 2024 and updated on Jul 10, 2024

TikTok is one of Microsoft’s Biggest AI Cloud Computing Customers

Posted in Uncategorized on Aug 01, 2024 and updated on Aug 01, 2024

Oprah’s Upcoming AI Television Special Sparks Outrage Among Tech Critics

Posted in News on Sep 04, 2024 and updated on Sep 04, 2024







Comments

Please sign in to comment!






Subscribe To Our Newsletter

Stay in touch with us to get latest news and discount coupons