If you have any of these infected apps on your Android phone, they must be uninstalled now
If you have a roll of Necco candy wafers in your pocket, you have a tasty snack at the ready. On the other hand, if you have an Android phone with the Necro malware in your pocket, you could be in for a bad time. A new version of the Necro Trojan malware has infected Play Store-listed Android apps and modifications iof popular apps and games such as WhatsApp and Spotify.
The Necro loader uses steganography to hide payloads. This is the practice of using another message or physical object to hide the payloads which can display ads in invisible windows generating cash for the attackers and hurting your phone by diminishing battery life, slowing performance, and making it run hot. It can also sign up the targeted phone to paid subscription services. The payloads can also download and execute arbitrary JavaScript and DEX files.
As an example of how this malware can infect your phone, last month security researchers at Kaspersky found a Spotify mod called Spotify Plus, version 18.9.40.5 that could be downloaded from a site flagged by Kaspersky as being dangerous. The original website made some claims including one stating that the app was safe, certified, and had several features not available from the official app. The research discovered that this Spotify mod contained Necro malware.
The Wuta Camera app was installed from the Google Play Store over 10 million times. | Image credit-Kaspersky
In the course of doing this research, Kaspersky discovered other apps infected with Necro including some available from the Play Store that were installed in over 11 million Android phones combined. One app alone in the Play Store, the Wuta Camera app, was downloaded over 10 million times. While Google eventually removed this app from the Play Store, if you installed it on your phone it would still be there and could cause problems for you and your phone. If you do have the Wuta Camera app on your Android device, delete it immediately.
The Max Browser app was installed over 1 million times from the Google Play Store. | Image credit-Kaspersky
Kaspersky also discovered a second Necro-infected Play Store app called Max Browser. This app was installed over one million times on Android via the Google Play Store and starting with version 12.0, the app contained Necro malware. Once again, Google removed the app from its Android app storefront, and once again we implore you to check to see if the app is on your Android phone. If it is, uninstall it ASAP.
A modified version of WhatsApp was also discovered containing the Necro loader. There is a legitimate app in the Play Store with the same package name but just offers stickers for the messaging app. Besides the Spotify and WhatsApp mods and the two Play Store apps, the malware was found in these game mods:
- Minecraft
- Stumble Guys
- Car Parking Multiplayer
- Melon Sandbox
The number of Necro malware attacks recently stopped by Kaspersky's tools and the region where they took place. | Image credit-Kaspersky
Once again, check your Android phone and if you have any of the apps listed below installed on the device, uninstall them ASAP. Kaspersky also recommends that you install apps from official sources only.
If you have any of these apps on your Android phone, uninstall them immediately. | Image credit-Kaspersky
Things that are NOT allowed: