A new version of the Necro malware loader infected 11 million Android devices via malicious advertising SDKs in legitimate apps and modified versions of popular software. The malware primarily spreads through unofficial websites and modified apps, but two legitimate Google Play apps were also found to be infected. Kaspersky identified several malicious plugins associated with Necro, including those that display ads, download and execute files, facilitate subscription fraud, and use infected devices as proxies. The total number of infections is unknown, but at least 11 million devices were infected through Google Play.

  • Ilandar@aussie.zone
    link
    fedilink
    English
    arrow-up
    6
    ·
    3 months ago

    Sometimes I search for important apps like web browsers on the Play Store to see what people are downloading. It’s disturbing how many people scroll past all the mainstream and safe choices and instead download these absolutely terrible, tracker-infested browsers I have never heard of. Those are the same people who would download one of these no-name virus apps. It’s at moments like that when I realise how many tech illiterate people there are in the world. Some people are genuinely a risk to themselves and those around them if you give them web-enabled devices.

    • ijeff@lemdro.idOPM
      link
      fedilink
      English
      arrow-up
      8
      ·
      edit-2
      3 months ago

      I can’t tell whether you’re just referring to Chrome 🙂.

  • Fizz@lemmy.nz
    link
    fedilink
    English
    arrow-up
    2
    ·
    3 months ago

    I download a lot of non playstore apps how can I check they don’t have this issue? I don’t think I downloaded anything sketchy but maybe.

    • GenderNeutralBro@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      3 months ago

      This is Kaspersky, so the only answer you’re going to get from them is “use Kaspersky Premium”.

      The only non-Play apps they mention in their report are modified versions of otherwise-clean apps (like Spotify or Minecraft). They didn’t mention anything on F-Droid or other app stores.

      • DarkThoughts@fedia.io
        link
        fedilink
        arrow-up
        7
        arrow-down
        2
        ·
        3 months ago

        I’d very highly suggest not to use Russian anti-virus software, regardless which version we’re talking about.

        • JustMarkov@lemmy.ml
          link
          fedilink
          English
          arrow-up
          6
          ·
          3 months ago

          I’d very higly suggest to not use any anti-virus, other than open-source ones, like ClamAV or Hypatia.

    • ijeff@lemdro.idOPM
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      3 months ago

      I’m not personally familiar with Android antivirus tools. I’d imagine your best bet is to just not install APKs from random unverified sources.

    • burgersc12@mander.xyz
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 months ago

      If you haven’t donwloaded modded apps you’re probably fine. I read that updating/removing the infected apps should be enough, but idk