Android users are being cautioned to remove two applications that have been found to harbor malware capable of surreptitiously enrolling users in subscriptions, among other deceptive practices. These applications, which have collectively amassed over 11 million downloads, are now identified as carriers of a new variant of Necro malware.
The malware is capable of installing at least four harmful payloads on compromised devices, which include:
- Adware that opens links through invisible WebView windows, displaying unwanted advertisements on the device.
- Modules that download and execute arbitrary JavaScript and DEX files.
- Tools that enable subscription fraud, leading to secret sign-ups for fictitious memberships.
- Mechanisms that utilize infected devices as proxies to route malicious traffic, allowing cybercriminals to obscure their activities.
READ MORE ON ANDROID
Originally discovered by cybersecurity experts at Kaspersky in 2019, the Necro malware has resurfaced in the Google Play Store within these two applications, prompting a new wave of attacks targeting Android devices. The first of these applications, Wuta Camera, developed by the lesser-known ‘Benqu’, has garnered over 10 million downloads, presenting itself as a photo editing and beautification tool. The second application, Max Browser, from ‘WA message recover-wamr’, has reached 1 million downloads.
How to spot a dodgy app
Identifying a malicious app before hitting the ‘Download’ button can be straightforward if you know what to look for. Consider this eight-point checklist when evaluating an unfamiliar app:
- Check the reviews – Be cautious of both negative feedback and overly positive reviews that may be fabricated.
- Look out for grammar mistakes – Reputable app developers typically avoid typos or errors in their descriptions.
- Check the number of downloads – Steer clear of apps with only a few thousand downloads, as they may be fraudulent.
- Research the developer – Investigate their reputation; are they well-regarded or potentially fake?
- Check the release date – A recent release date combined with a high download count can be a red flag.
- Review the permission agreement – This document outlines what data the app can access; be wary of apps requesting unnecessary information.
- Check the update frequency – An app that is updated too often may indicate underlying security issues.
- Check the icon – Examine the icon closely; don’t be misled by distorted or lower-quality versions of legitimate app icons.
This information is readily accessible in both Apple’s App Store and the Google Play Store. Following these findings, Google has removed Max Browser from its platform. However, Wuta Camera remains available for download, as the malware was eliminated in a recent update. Nonetheless, any mal...