If you have any of these infected apps on your Android phone, they must be uninstalled now

2comments
Spelled out against a backdrop of computer code is the word "malware."
If you have a roll of Necco candy wafers in your pocket, you have a tasty snack at the ready. On the other hand, if you have an Android phone with the Necro malware in your pocket, you could be in for a bad time. A new version of the Necro Trojan malware has infected Play Store-listed Android apps and modifications iof popular apps and games such as WhatsApp and Spotify.

The Necro loader uses steganography to hide payloads. This is the practice of using another message or physical object to hide the payloads which can display ads in invisible windows generating cash for the attackers and hurting your phone by diminishing battery life, slowing performance, and making it run hot. It can also sign up the targeted phone to paid subscription services. The payloads can also download and execute arbitrary JavaScript and DEX files.

As an example of how this malware can infect your phone, last month security researchers at Kaspersky found a Spotify mod called Spotify Plus, version 18.9.40.5 that could be downloaded from a site flagged by Kaspersky as being dangerous. The original website made some claims including one stating that the app was safe, certified, and had several features not available from the official app. The research discovered that this Spotify mod contained Necro malware.


In the course of doing this research, Kaspersky discovered other apps infected with Necro including some available from the Play Store that were installed in over 11 million Android phones combined. One app alone in the Play Store, the Wuta Camera app, was downloaded over 10 million times. While Google eventually removed this app from the Play Store, if you installed it on your phone it would still be there and could cause problems for you and your phone. If you do have the Wuta Camera app on your Android device, delete it immediately.


Kaspersky also discovered a second Necro-infected Play Store app called Max Browser. This app was installed over one million times on Android via the Google Play Store and starting with version 12.0, the app contained Necro malware. Once again, Google removed the app from its Android app storefront, and once again we implore you to check to see if the app is on your Android phone. If it is, uninstall it ASAP.

A modified version of WhatsApp was also discovered containing the Necro loader. There is a legitimate app in the Play Store with the same package name but just offers stickers for the messaging app. Besides the Spotify and WhatsApp mods and the two Play Store apps, the malware was found in these game mods:

  • Minecraft
  • Stumble Guys
  • Car Parking Multiplayer
  • Melon Sandbox

Because the modified apps were not installed from official sources, the number of phones infected with Necro could be more than the 11 million that installed the two apps available from the Play Store. Kaspersky's security tools blocked over 10,000 Necro attacks between August 26 and September 25 with most of the attacks taking place in Russia, Brazil, and Vietnam.


Once again, check your Android phone and if you have any of the apps listed below installed on the device, uninstall them ASAP. Kaspersky also recommends that you install apps from official sources only.

Can’t get enough of mobile tech?
Subscribe to access new exclusive content and perks.
You can still enjoy the standard PhoneArena experience for free.
  • In-depth reviews, tests & analyses
  • Expert opinions on the latest trends
  • Live community events and games
  • Ad-free browsing, discounts and more
Start Free Trial See the latest subscriber-only articles

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless