Malware News Android malware 'Necro' infects 11 million devices via Google Play

lokamoka820

Level 23
Thread author
Mar 1, 2024
1,222
A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks.

This new version of the Necro Trojan was installed through malicious advertising software development kits (SDK) used by legitimate apps, Android game mods, and modified versions of popular software, such as Spotify, WhatsApp, and Minecraft.

Necro installs several payloads to infected devices and activates various malicious plugins, including:
  • Adware that loads links through invisible WebView windows (Island plugin, Cube SDK)
  • Modules that download and execute arbitrary JavaScript and DEX files (Happy SDK, Jar SDK)
  • Tools specifically designed to facilitate subscription fraud (Web plugin, Happy SDK, Tap plugin)
  • Mechanisms that use infected devices as proxies to route malicious traffic (NProxy plugin)
 

i7ii

New Member
Sep 3, 2024
7
The old saying: "Just stick to legitimate sites and apps - and you'll never get infected...." lost its meaning long time ago - prior to Facebook and their nonsensical Add service - where profits were the main focus - not security. Same goes for Google (if not especially) and others alike.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top