The two programs, which have been downloaded 11 million times combined, contain a new strain of Necro malware.
The malware downloads at least four harmful payloads onto affected machines, including:
- Adware that loads links through invisible WebView windows and can display unwanted adverts on your device.
- Modules that download and execute arbitrary JavaScript and DEX files.
- Tools that facilitate subscription fraud, where you are secretly signed up to fake memberships.
- Mechanisms that use infected devices as proxies to route malicious traffic, which cybercriminals use to hide their tracks.
Necro was initially detected by cybersecurity researchers such as Kaspersky in 2019.
However, the team has established that Necro has returned to the Google Play store within two apps, launching a new wave of attacks on Android phones.
The first app, Wuta Camera by the little-known developer ‘Benqu’, has over 10 million downloads and masquerades as a photo editing and beauty tool.
The second program, Max Browser from the developer ‘WA message recover-wamr’, has 1 million downloads.
Google was aware of the results and has already removed Max Browser from its platform.
Wuta Camera is still available for download, as the malware was eliminated in a recent version.
However, any payloads installed in previous versions of the app may still be present on Android devices.
While Google is normally quite good at detecting and uninstalling dangerous apps, some still get through the cracks.
If you have downloaded any of these apps, you should delete them immediately.
If you fear your Android smartphone is infected, you can download a reputable antivirus app from the Google Play Store, such as Malwarebytes or Bitdefender.
These apps will check your phone for potential dangers and show you how to block adware.
It is also recommended that you monitor your bank account for fraudulent subscriptions and purchases and report them to your bank.
Views: 0