Advertisement
Cybersecurity experts have uncovered that malware has managed to infiltrate the Google Play app store due to a compromised software development kit (SDK). This malware, named Necro, has affected at least 11 million devices, and the actual number might be even higher, according to researchers from Kaspersky.
Necro found its way into an advertising SDK called “Coral SDK.” This SDK was designed to help integrate various advertising features into apps. However, it used a technique called steganography to deploy second-stage malware that can perform a range of harmful actions. These include loading ads in hidden WebView windows, downloading and executing arbitrary JavaScript files, enabling fraud, and rerouting malicious traffic.
Two seemingly legitimate apps that included this SDK are Wuta Camera, a photo editing app by ‘Benqu’ with over 10 million downloads, and Max Browser by ‘WA message recover-wamr,’ which has about one million downloads.
Updating Flawed Apps
After Kaspersky discovered the malware, they alerted the developers, resulting in a fix for Wuta Camera, which has now removed the malware. If you’re using this app, make sure to update it to version 6.3.7.138. Unfortunately, Max Browser remains compromised, and researchers recommend deleting it and switching to another browser.
While Google Play Store tracks downloads and indicates over 11 million cumulative downloads for these apps, compromised applications are also being distributed through other channels. This means the total number of affected devices is likely much larger. Kaspersky identified several other apps available on third-party websites that carry the Necro malware, including modified versions of WhatsApp (GBWhatsApp and FMWhatsApp), Spotify (Spotify Plus), Minecraft, Stumble Guys, and more.
Google typically takes strong measures to secure its app repository, but even the best defenses can occasionally be bypassed. When downloading new apps, it’s important not to trust everything you find on official stores blindly. Always check the number of downloads, ratings, and reviews to help protect yourself from malware.