A recent report from Kaspersky has revealed that Google Play, the largest application store in the world, has become a breeding ground for malware distribution. According to the report, over 11 million Android devices have fallen victim to the Necro malware, which has been spreading through seemingly harmless applications.
The malware was first discovered in the popular text recognition app CamScanner, which has over 100 million downloads on Google Play. Necro has since been found in other well-known applications on Google Play as well as in various versions of applications on unofficial websites.
Security experts at Kaspersky believe that Necro may have infiltrated legitimate applications through unverified advertising integration tools. The malware has been found in applications like Wuta Camera and Max Browser, with a combined total of over 11 million downloads. Necro uses steganography, a technique that hides malicious code inside images, which makes it difficult for security systems to detect.
Once a device is infected, Necro can manipulate the system, download additional malicious code, and even sign up for paid services without the user’s consent. The malware is not limited to Google Play: it also spreads through unofficial application markets, posing a threat to users of popular applications like Spotify, Minecraft, and WhatsApp.
Malware developers have exploited unverified SDKs to turn legitimate applications into tools for data collection and user control. Necro’s capabilities include changing URLs, installing new malicious code, and taking complete control of the victim’s device.
To protect themselves, users are advised to immediately uninstall infected applications such as Wuta Camera (versions from 6.3.2.148 to 6.3.6.148) and Max Browser. It is also recommended to download and update applications only from Google Play, as Google’s application review policy remains the strictest.