The estimate of infected devices stems from researchers examining various compromised applications. Among the affected are Wuta Camera and Max Browser. Additionally, unofficial WhatsApp mods and a modified version of Spotify known as Spotify Plus have also been identified as carriers of this malware. The investigation also highlights infected modifications for popular games like Minecraft and Melon Sandbox.
The report specifies that the malware was found in Wuta Camera from version 6.4.2.148 until it was detected and removed in version 6.4.7.138. While Max Browser has since been taken down from the app store, it was downloaded over a million times and contained the Necro loader from version 1.2.0 onward.
The purpose of the Necro malware is to generate revenue for its creators by running processes discreetly in the background of infected devices. Users may notice decreased performance, but the malware is designed to operate unnoticed. Essentially, it opens ads and interacts with them to generate income, all while using hidden windows to do so.
In a statement to Fox, Google confirmed that all known apps containing the malware have been removed and assured that the majority of users likely benefited from the protection provided by Google Play Protect, the built-in antivirus for most Android smartphones.
If you suspect that your device might have been compromised by the Necro malware or any other harmful software, it’s advisable to utilize a trusted antivirus scanner. Numerous antivirus solutions are available for Android, and there are useful guides on how to identify and remove malware from your device.
