Legitimate apps on Google play are being used to spread a new version of Necro Android malware. The malware capable of downloading Adware to sign up users to subscriptions without their knowledge and use devices to funnel malicious traffic was spread through advertising development kits used by legitimate apps. These included apps like Spotify, WhatsApp, and Minecraft, a report from Bleeping Computer said.
The malware reportedly infected 11 million devices via Google Play.
The malware, first discovered by researchers at Kaspersky, hides its malicious activities and downloads a payload on the impacted devices. The payload disguises itself as harmless PNG images, which are then used for malicious purposes.
Outside the Play Store, the malware is primarily spread through modified promising free subscriptions or improved user experience of popular apps that are distributed through unofficial websites.
Some of the mods that were found infected with the malware include WhatsApp mods that promise better privacy controls and extended file-sharing limits. Another is the Spotify mod, that promises free access to ad-free premium services.
Researchers also found mods of popular online games including mods of Minecraft, Stumble Guys, Car Parking, and Melon Sandbox. And since unofficial Android app stores do not report download numbers, the exact extent of infected devices is yet to be ascertained.
Published - September 24, 2024 01:16 pm IST