11 Million Devices Infected with Botnet Malware Hosted in Google Play: A Detailed Overview



Introduction

Google Play, the trusted app store for Android devices, has faced multiple security breaches over the years. One of the most alarming is the infiltration of malware through legitimate apps. Recently, a new wave of malware, known as Necro, has emerged, affecting over 11 million devices. This article delves into how Necro infiltrated Google Play, the techniques it uses, and the consequences of its spread.

The Re-Emergence of Necro: A Familiar Threat

What is Necro Malware?

Necro is a notorious malware family known for its stealth and modular nature. First identified in 2019, Necro has evolved to become more sophisticated, with its latest version now using advanced methods like steganography (a technique that hides malicious data within seemingly harmless files) to infect devices. This malware is particularly dangerous because it can spread through legitimate apps available in Google Play, making it harder to detect and avoid.

Necro’s Infiltration of Google Play in 2019

In 2019, researchers discovered that a seemingly legitimate Android app on Google Play had been secretly infected with malware. This malware was embedded through a Software Development Kit (SDK) used by developers to generate advertising revenue. Once integrated into the app, the SDK allowed attackers to control infected devices, enabling them to download and execute hidden payloads. This caused millions of devices to be connected to attacker-controlled servers.

Necro's Return in 2024

Fast forward to 2024, and Necro is back, infecting over 11 million devices. This time, researchers from the security firm Kaspersky found that two popular apps—Wuta Camera and Max Browser—had been compromised. The malware was distributed through a malicious SDK, once again using legitimate apps as a vehicle for infection.

How Necro Malware Infects Devices

The Role of Malicious SDKs

Software Development Kits (SDKs) are essential tools for app developers, offering ready-made solutions for common tasks like displaying ads or managing user interactions. Unfortunately, these SDKs can be exploited, as was the case with Necro. The malicious SDK embedded in apps like Wuta Camera and Max Browser allowed attackers to remotely control infected devices. Once installed, the apps would communicate with attacker-controlled servers, downloading malicious code that could be executed at any time.

Stealthy Techniques: Steganography and Obfuscation

Necro uses sophisticated techniques to remain undetected. One of the standout methods is steganography, where malicious data is hidden within seemingly benign images. This method is rarely seen in mobile malware but was used by Necro to download additional payloads from attacker-controlled servers. By embedding malicious code within PNG images, the malware could evade detection by antivirus software.

The SDK module also employed obfuscation techniques, such as the use of the OLLVM tool, to hide its true purpose. Obfuscation makes the code more difficult to analyze, further complicating efforts to detect and remove the malware.

Command-and-Control Communication

Once the device is infected, it establishes communication with a command-and-control server. This server sends encrypted instructions to the infected device, which can include downloading additional payloads or executing specific tasks. The malware uses encrypted JSON data to transmit information about the compromised device, making it challenging for security researchers to trace and analyze its behavior.

The Impact of Necro Malware on Infected Devices

Adware and Subscription Fraud

One of the most immediate effects of Necro is the display of unwanted ads through invisible WebView windows. These ads are shown in the background, generating fraudulent revenue for the attackers without the user’s knowledge. Additionally, Necro can facilitate subscription fraud, where users are unknowingly signed up for paid services, racking up charges on their accounts.

Elevated System Privileges

Necro is designed to operate with elevated system privileges, giving it significant control over the infected device. This includes the ability to download and execute arbitrary code, modify system files, and bypass security measures. By exploiting vulnerabilities in Android’s WebView component, Necro can run malicious code with enhanced privileges, further increasing its ability to cause harm.

Infected Devices as Proxies for Malicious Traffic

Another concerning feature of Necro is its ability to turn infected devices into proxies for routing malicious traffic. This makes it harder for law enforcement and cybersecurity experts to trace the origin of attacks, as the malicious activity appears to come from legitimate devices scattered around the world.

Which Apps Were Infected?

Wuta Camera

One of the apps identified as being infected with Necro was Wuta Camera, a popular photo editing app with over 10 million downloads. The malicious SDK was embedded in versions 6.3.2.148 through 6.3.6.148. Although the app has since been updated to remove the malware, any device that installed these versions remains at risk of infection.

Max Browser

Another app compromised by Necro was Max Browser, a web browsing app with over 1 million downloads. Unlike Wuta Camera, Max Browser was removed from Google Play following Kaspersky’s report. However, users who had already downloaded the app remain vulnerable, as no clean version is available for upgrade.

Necro Beyond Google Play

Infection via Modified Versions of Popular Apps

While Google Play remains a significant distribution channel for Necro, the malware has also spread through modified versions of popular apps. These “mods” are often found on unofficial app stores and websites, promising enhanced features like ad-free Spotify or modified versions of WhatsApp with extended privacy settings. In reality, these modified apps often come bundled with Necro malware, infecting unsuspecting users who download them.

High-Risk Apps Identified

Some of the high-risk apps identified by researchers include:

  • GBWhatsApp and FMWhatsApp: Modified versions of WhatsApp with extended file-sharing limits and enhanced privacy features.
  • Spotify Plus: A modified version of Spotify that promises free, ad-free premium access.
  • Minecraft Mods: Mods for popular games like Minecraft, Stumble Guys, and Car Parking Multiplayer that are infected with Necro.

These apps are often distributed through unofficial websites, making it difficult to track the full extent of the infections.

How to Protect Your Device from Necro

Uninstall Infected Apps

If you have downloaded Wuta Camera or Max Browser, the first step is to uninstall the app immediately. This will prevent further malicious activity and stop the malware from spreading to other apps or devices.

Run a Security Scan

Next, run a security scan using a reputable antivirus app. Many antivirus programs can detect and remove Necro and its associated payloads, helping to clean your device of any lingering malware.

Enable Google Play Protect

Google Play Protect is a built-in security feature that scans apps for malware before they are installed. Make sure this feature is enabled to help prevent future infections. If you have disabled it for any reason, now is the time to turn it back on.

Be Wary of Third-Party App Stores

Avoid downloading apps from third-party app stores or unofficial websites. These sources are not subject to the same security standards as Google Play, making them more likely to distribute malware-infected apps.

Conclusion

The re-emergence of Necro malware highlights the growing sophistication of mobile malware threats. With 11 million devices infected through Google Play, it’s clear that even trusted platforms are not immune to malware attacks. By understanding how Necro operates and taking steps to protect your device, you can reduce your risk of falling victim to this dangerous malware.

FAQs

1. What is Necro malware?

Necro is a family of malware that targets Android devices. It spreads through legitimate apps, infecting devices by embedding malicious code into the app’s SDK.

2. How does Necro infect devices?

Necro infects devices through legitimate apps, primarily using malicious SDKs. It can also spread through modified versions of popular apps available on unofficial app stores.

3. What should I do if I think my device is infected?

If you suspect your device is infected, uninstall any apps you believe may be compromised, run a security scan using a reputable antivirus program, and ensure that Google Play Protect is enabled.

4. How does Necro use steganography?

Necro uses steganography to hide malicious code within images. This makes it more difficult for antivirus programs to detect the malware, as it appears to be part of a harmless image file.

5. Are apps on Google Play safe?

While Google Play is generally considered safe, it’s not immune to malware. Always check app reviews and permissions, and enable Google Play Protect to add an extra layer of security.

Source: Google News

Read more blogs: Alitech Blog

www.hostingbyalitech.com

www.patriotsengineering.com

www.engineer.org.pk

Posted in News on Sep 24, 2024



Domain Name: Your Gateway to Online Success

Posted in Uncategorized on Jul 03, 2024

A domain name is more than just an address on the internet; it's a crucial part of your online identity. This comprehensive guide covers everything you need to know about domain names, from choosing the right one to understanding its impact on your branding and SEO. Learn about different types of domains, how to register and protect them, and the future trends in the domain landscape. Discover the secrets to selecting a memorable and relevant domain name that will set you up for online success.



Understanding Next-Gen SDD Web Hosting and Its Benefits

Posted in Uncategorized on Jun 26, 2024

Discover the future of web hosting with Next-Gen SDD Web Hosting, featuring cutting-edge technology for enhanced speed and security. Learn how cPanel streamlines website management, and GMail Accounts enhance business communication. Additionally, explore the benefits of unlimited hosting plans, SFTP and SSL certificates for data security, Google G Suite for productivity, and web and app development for business growth. Finally, understand how SEO and SEM strategies optimize visibility, and digital marketing harnesses online potential.



Hosting by AliTech: Winner of CorporateVision's Global Business Award 2022

Posted in News on Jun 07, 2024

Discover how Hosting by AliTech emerged as the 'Best Affordable Web Hosting Provider 2022 - Pakistan' and won the prestigious Global Business Award. Explore our commitment to providing top-notch web hosting solutions at affordable prices and empowering businesses to establish a strong online presence.



How to Install Python 3.10 on Ubuntu 20.04 LTS & Ubuntu 18.04

Posted in Technical Solutions on Jan 02, 2022

How to Install Python 3.10 on Ubuntu 20.04 LTS & Ubuntu 18.04 Python is a programming language that lets you work more quickly and integrate...



Firewall in Pakistan: Restricting Online Freedom and Access 2024

Posted in News on Aug 19, 2024

Pakistan's government is set to implement a nationwide firewall, sparking concerns about internet censorship and restrictions on online dissent. The firewall will monitor and control internet usage, targeting social media platforms and regulating VPNs. With a history of internet restrictions, this move raises questions about the future of free expression and democratic engagement in Pakistan. Key Points: Pakistan's national firewall will control access to social media platforms and monitor online activities The firewall aims to track and control internet usage, including VPNs Lack of transparency surrounding the project's scope and implications International concerns about the impact on freedom of expression and democratic principles Experts warn of potential risks to online privacy and security Read the full article to learn more about Pakistan's national firewall and its implications for internet freedom.



Webcam Hacking and Stalking: Myth or Reality?

Posted in News on Dec 25, 2024

Webcam hacking is a growing concern in the digital world, with hackers exploiting vulnerabilities in webcams to gain unauthorized access to private spaces. But how real is this threat, and should you be worried? From phishing emails to malware and Trojan horse programs, hackers are using various techniques to breach webcams and invade individuals' privacy. With real-life cases of webcam hacking and stalking on the rise, it's essential to understand the risks and take precautions to protect your privacy and security.



General Motors (GM) Lays Off Over 1,000 Salaried Software, Services Employees

Posted in News on Aug 20, 2024

General Motors (GM) has announced the layoff of over 1,000 salaried employees from its software and services divisions, signaling a major shift in its strategic focus. The cuts, affecting both domestic and international positions, come as GM aims to streamline operations and prioritize high-impact projects such as enhancing its Super Cruise driver assistance system and exploring artificial intelligence. This move follows a review after the departure of former executive Mike Abbott and reflects GM's broader push towards innovation in the rapidly evolving automotive sector.



Unbeatable Prices and Performance: HostingbyAliTech's Cloud Hosting

Posted in Hosting Promotions on Jun 07, 2024

HostingbyAliTech offers low-cost cloud web hosting with optimized performance using CyberPanel and LiteSpeed, making it the top choice for quality and speed-conscious clients since 2020.



Hosting by AliTech User & Reseller Portal - 2021

Posted in About Hosting by AliTech, News on Oct 17, 2021

Hosting by AliTech User & Reseller Portal coming soon stay tuned. https://bit.ly/3tm3kZ3 https://www.hostingbyalitech.com #hostingbyalitech #alitechsolutions #userportal #resellerportal #coming #soon



Microsoft Disappoints With Slower Cloud Revenue Forecast

Posted in News on Oct 31, 2024

Microsoft, a giant in the tech industry, recently posted quarterly earnings that exceeded market expectations, but its cloud revenue growth left investors less than impressed. The announcement highlighted a forecast for slower growth in Azure, Microsoft’s cloud computing platform, sparking concerns about the company’s ability to keep up with surging demand for AI services. This shift has implications not just for Microsoft’s revenue trajectory but also for its position in the competitive tech landscape. Here’s a closer look at what’s behind this surprising turn of events



ChatGPT Project Strawberry: What We Know About OpenAI’s Reasoning AI

Posted in News on Sep 12, 2024

As the world of AI continues to evolve, OpenAI remains at the forefront with exciting new developments. One of the most anticipated projects on the horizon is Project Strawberry—a groundbreaking AI model focused on enhanced reasoning capabilities. Set to launch soon, Project Strawberry aims to push the boundaries of what AI can achieve, particularly in handling complex tasks and multi-step problem solving. While we are still piecing together the full details, here’s everything we know so far about OpenAI’s latest innovation.



Top 10 Tools to Boost Your Remote Work Productivity in 2024

Posted in Uncategorized on Jul 23, 2024

Discover the top 10 essential tools and apps that will transform your remote work experience. From streamlining project management with Asana and Trello to enhancing communication with Slack and Microsoft Teams, this guide covers everything you need to stay productive and connected. Explore cloud storage solutions like Google Drive and Dropbox, time tracking apps such as Toggl Track and Clockify, and focus tools like Freedom and Forest. Plus, find out how password managers, scheduling tools, and wellbeing apps can support your remote work journey. Elevate your productivity and make the most of your remote work setup with these top picks for 2024.



Amazon Brings Generative AI-Powered Recaps to Prime Video

Posted in News on Nov 05, 2024

Amazon Prime Video has launched X-Ray Recaps, an AI-driven feature that gives viewers quick, spoiler-free summaries of TV episodes or entire seasons. Initially available for U.S. Fire TV users, the feature helps viewers catch up on plot points without revealing future events. Powered by Amazon's AI technology, including Amazon Bedrock and SageMaker, X-Ray Recaps expands on Prime Video’s X-Ray feature, which provides cast info and trivia, by offering precise, real-time plot recaps at any point during viewing.



The Importance of Cybersecurity in the Modern World of Web Hosting and Domain Names

Posted in Uncategorized on Jul 15, 2024

In today's digital age, cybersecurity is vital for protecting web hosting and domain names from various threats such as malware, phishing attacks, and data breaches. This article explores the importance of cybersecurity, offering insights and actionable steps to safeguard your online presence.



Choosing an SEO-Friendly Domain Name

Posted in Uncategorized on Jul 30, 2024

Choosing an SEO-friendly domain name is crucial for your website's success. This comprehensive guide explores the importance of domain names in SEO, provides actionable tips for selecting the best domain, and shares strategies to enhance your domain's SEO performance. Discover how to pick the right keywords, the benefits of short and simple domain names, and the role of trustworthy domain extensions. Learn how to create valuable content, build backlinks, and brand your domain effectively. Get insights into competitor domain analysis and whether you need to change your domain name for better SEO results.



AI-powered Web Hosting and Its Benefits

Posted in Uncategorized on Jul 10, 2024

AI-powered web hosting leverages artificial intelligence technologies to manage, optimize, and enhance traditional web hosting experiences. It offers unparalleled benefits such as enhanced performance and speed, improved security measures, efficient resource management, and intelligent traffic analysis. This type of hosting integrates AI to predict traffic patterns, dynamically allocate resources, and ensure superior website performance. Businesses adopting AI-powered web hosting can expect faster load times, automated threat detection, and scalable solutions that cater to growing needs. As AI technology continues to evolve, the future of web hosting looks promising, offering even more sophisticated and efficient solutions.



AliTech Python Django Hosting: Unleash Extreme Performance for Your Web Projects

Posted in About Hosting by AliTech on Aug 21, 2024

Discover why AliTech's Python Django Hosting stands out for developers seeking extreme performance and reliability. With plans featuring SSD storage, instant provisioning, and guaranteed resources, AliTech provides the ideal environment for your Django applications. Whether you're starting with the Bronze plan or scaling up to Titanium, explore how AliTech’s hosting solutions offer unmatched speed, flexibility, and control to power your web projects.



Meta's Fight Against Celebrity Investment Scam Ads with Facial Recognition Technology

Posted in News on Oct 23, 2024

Meta, the parent company of Facebook and Instagram, has taken significant steps in its ongoing battle against celebrity investment scam ads by leveraging facial recognition technology. These scam ads often involve deepfake images of celebrities like Gina Rinehart and Guy Sebastian, tricking users into believing false endorsements. This new initiative aims to quickly and accurately detect these fraudulent ads and remove them before they reach unsuspecting users.




Other Blogs


Domain Name: Your Gateway to Online Success

Posted in Uncategorized on Jul 03, 2024 and updated on Jul 03, 2024

Understanding Next-Gen SDD Web Hosting and Its Benefits

Posted in Uncategorized on Jun 26, 2024 and updated on Jun 26, 2024

Hosting by AliTech: Winner of CorporateVision's Global Business Award 2022

Posted in News on Jun 07, 2024 and updated on Jun 07, 2024

How to Install Python 3.10 on Ubuntu 20.04 LTS & Ubuntu 18.04

Posted in Technical Solutions on Jan 02, 2022 and updated on Jan 02, 2022

Firewall in Pakistan: Restricting Online Freedom and Access 2024

Posted in News on Aug 19, 2024 and updated on Aug 19, 2024

Webcam Hacking and Stalking: Myth or Reality?

Posted in News on Dec 25, 2024 and updated on Dec 25, 2024

General Motors (GM) Lays Off Over 1,000 Salaried Software, Services Employees

Posted in News on Aug 20, 2024 and updated on Aug 20, 2024

Unbeatable Prices and Performance: HostingbyAliTech's Cloud Hosting

Posted in Hosting Promotions on Jun 07, 2024 and updated on Jun 07, 2024

Hosting by AliTech User & Reseller Portal - 2021

Posted in About Hosting by AliTech, News on Oct 17, 2021 and updated on Mar 14, 2022

Microsoft Disappoints With Slower Cloud Revenue Forecast

Posted in News on Oct 31, 2024 and updated on Oct 31, 2024

ChatGPT Project Strawberry: What We Know About OpenAI’s Reasoning AI

Posted in News on Sep 12, 2024 and updated on Sep 12, 2024

Top 10 Tools to Boost Your Remote Work Productivity in 2024

Posted in Uncategorized on Jul 23, 2024 and updated on Jul 23, 2024

Amazon Brings Generative AI-Powered Recaps to Prime Video

Posted in News on Nov 05, 2024 and updated on Nov 05, 2024

Choosing an SEO-Friendly Domain Name

Posted in Uncategorized on Jul 30, 2024 and updated on Jul 30, 2024

AI-powered Web Hosting and Its Benefits

Posted in Uncategorized on Jul 10, 2024 and updated on Jul 10, 2024







Comments

Please sign in to comment!






Subscribe To Our Newsletter

Stay in touch with us to get latest news and discount coupons