Over 11 Million Android Devices Infected with Malware Distributed Through Google Play

A new report from Kaspersky reveals that more than 11 million Android devices have fallen victim to the Necro malware, which spread through two seemingly innocent applications available on Google Play.

Security researchers first identified Necro back in 2019 within the CamScanner text recognition app, which had accumulated over 100 million downloads on Google Play.

Recently, cybersecurity experts detected Necro making a comeback within popular Google Play apps and through unofficial app distribution websites. This updated variant comes equipped with significantly enhanced capabilities.

Kaspersky specialists believe that legitimate app developers may have unknowingly incorporated unverified advertising tools, which provided Necro with an entry point into their applications.

Two widely-used apps on Google Play—Wuta Camera and Max Browser—were found containing the Necro malware, with a combined total of more than 11 million downloads.

Necro successfully evaded security systems by employing steganography, a technique that hides malicious code within images. Once installed on a device, the malware gains control, downloads additional malicious payloads, and covertly enrolls users in premium paid services without their knowledge.

Users should immediately uninstall apps like Wuta Camera (affected versions 6.3.2.148 through 6.3.6.148) and Max Browser if they have been installed on their devices.

31 Malicious Apps Stealing Bank Credentials—Delete These Now (September 3, 2024)

Thirty-one malicious applications have been identified that can steal banking login information without user authorization.

Security researchers discovered a malware strain called "Daam" capable of bypassing security software installed on smartphones, leading to severe consequences for infected users.

Experts assess this malware variant as highly sophisticated in its operation. It can steal data, harvest sensitive information, eavesdrop on calls, and record all incoming and outgoing communications on compromised devices, including calls made through apps like Messenger, Telegram, and WhatsApp.

According to CloudSEK specialists, three applications have been confirmed to contain the Daam malware:

  • Psiphon—a VPN application for creating private networks.
  • Boulders—a mobile game.
  • Currency Pro—a currency conversion tool.

Additionally, international cybersecurity organizations have identified 28 apps with malware distribution potential. These apps masquerade as legitimate utilities to deceive users into installation. Among these, 17 pose as VPN tools, advertising secure web browsing and online privacy protection.

The 28 malware-infected applications include:

  • Lite VPN;
  • Anims Keyboard;
  • Blaze Stride;
  • Byte Blade VPN;
  • Android 12 Launcher;
  • Android 13 Launcher;
  • Android 14 Launcher;
  • CaptainDroid Feeds;
  • Free Old Classic Movies;
  • Phone Comparison;
  • Fast Fly VPN;
  • Fast Fox VPN;
  • Fast Line VPN;
  • Funny Char Ging Animation;
  • Limo Edges;
  • Oko VPN;
  • Phone App Launcher;
  • Quick Flow VPN;
  • Sample VPN;
  • Secure Thunder;
  • Shine Secure;
  • Speed Surf;
  • Swift Shield VPN;
  • Turbo Track VPN;
  • Turbo Tunnel VPN;
  • Yellow Flash VPN;
  • VPN Ultra;
  • Run VPN.

Security experts urge immediate removal of these apps to avoid potential damage. To stay protected, avoid downloading unfamiliar applications, enable Google Play Protect within the Google Play Store, and use reputable antivirus solutions to guard against malware threats.

NGate Malware Exploits NFC to Drain Victim Bank Accounts (August 27)

Cybersecurity firm ESET uncovered a dangerous Android malware that leverages NFC technology on infected devices to intercept payment data and relay it to cybercriminals.

This malware uses the NFCGate toolkit to analyze NFC traffic, earning it the name NGate.

The malware enables criminals to withdraw funds or process fraudulent purchases at payment terminals by exploiting stolen user data at ATMs and POS machines.

NGate operates by sending a fraudulent text message containing a link to a fake website that harvests login credentials. The message typically claims there is an issue with the victim's tax filing and requests app installation. With the harvested credentials, attackers gain access to the victim's bank account.

Next, the attacker impersonates a bank representative, calling the victim to request they open a text message with a link to an app—actually the NGate malware. The victim is instructed to enable NFC on their phone and scan their card.

Through the compromised smartphone, NGate relays NFC data from the victim's card to the attacker's device, allowing them to clone the card. The attacker then receives real-time information and can withdraw money from ATMs.

Thanks to Google Play Protect's automated security features, no NGate-infected apps have been detected on Google Play to date.

Alert: New Malware Designed to Steal Money and Wipe Android Devices

Security researchers have discovered a new Android malware called BingoMod capable of stealing funds from bank accounts and completely erasing device data.

BingoMod typically disguises itself as popular mobile security applications and spreads through deceptive SMS messages to trick users into installation. Once installed, it requests accessibility service permissions, granting it full device control to steal login credentials, capture screenshots, intercept messages, and execute fraudulent transactions directly on the device.

Research shows that each transaction intercepted by this malware can result in losses exceeding $16,000.

After successfully stealing funds, BingoMod can completely wipe the device's data, making it extremely difficult for victims to recover their information.

Currently, BingoMod continues to evolve and will likely become even more dangerous in the future.

Security experts warn that Android users must remain vigilant against SMS messages containing links to unfamiliar apps, particularly those claiming to provide security or bank account protection. Additionally, users should carefully review app developer information and read other user reviews before installing any new application.

How to Check If Your Smartphone Contains Malicious Applications

Users can leverage Google's built-in "Play Protect" feature in the Google Play Store to scan their smartphone for any accidentally installed malware.

To use this feature, open the Google Play Store > tap your account icon in the upper right corner > select Play Protect settings > tap the Scan button.

After scanning completes, if you see the message "No harmful apps detected," your phone is safe.

However, Play Protect only protects against apps that Google has already identified as malicious. If Google hasn't yet recognized certain malware-laden applications, this feature cannot alert you to their presence.

Steps to Remove Malware from Your Android Device

To remove malware from your Android smartphone, go to Settings > select Applications > choose Manage applications > find the app you want to remove, tap it, and select Uninstall.
