Android malware 'Necro' infects 11 million devices via Google Play

lokamoka820

A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks.

This new version of the Necro Trojan was installed through malicious advertising software development kits (SDK) used by legitimate apps, Android game mods, and modified versions of popular software, such as Spotify, WhatsApp, and Minecraft.

Necro installs several payloads to infected devices and activates various malicious plugins, including:
  • Adware that loads links through invisible WebView windows (Island plugin, Cube SDK)
  • Modules that download and execute arbitrary JavaScript and DEX files (Happy SDK, Jar SDK)
  • Tools specifically designed to facilitate subscription fraud (Web plugin, Happy SDK, Tap plugin)
  • Mechanisms that use infected devices as proxies to route malicious traffic (NProxy plugin)
 
The old saying: "Just stick to legitimate sites and apps - and you'll never get infected..." lost its meaning a long time ago - prior to Facebook and their nonsensical Ad service - where profits were the main focus - not security. Same goes for Google (if not especially) and others alike.