Android users are being cautioned to remove two applications that have been found to harbor malware capable of surreptitiously enrolling users in subscriptions, among other deceptive practices. These applications, which have collectively amassed over 11 million downloads, are now identified as carriers of a new variant of Necro malware.
<figure class="articlemedia">
<figcaption class="articlemedia-caption">
<span class="articlemedia-span">BRAZIL – 2021/08/25: In this photo illustration, the Android logo is displayed on a smartphone with a malware alert in the background. (Photo Illustration by Rafael Henrique/SOPA Images/LightRocket via Getty Images)</span>
<span class="articlecredit">Credit: Getty</span>
</figcaption>
</figure>
The malware is capable of installing at least four harmful payloads on compromised devices, which include:
- Adware that opens links through invisible WebView windows, displaying unwanted advertisements on the device.
- Modules that download and execute arbitrary JavaScript and DEX files.
- Tools that enable subscription fraud, leading to secret sign-ups for fictitious memberships.
- Mechanisms that utilize infected devices as proxies to route malicious traffic, allowing cybercriminals to obscure their activities.
Originally discovered by cybersecurity experts at Kaspersky in 2019, the Necro malware has resurfaced in the Google Play Store within these two applications, prompting a new wave of attacks targeting Android devices. The first of these applications, Wuta Camera, developed by the lesser-known ‘Benqu’, has garnered over 10 million downloads, presenting itself as a photo editing and beautification tool. The second application, Max Browser, from ‘WA message recover-wamr’, has reached 1 million downloads.
<h3 class="article-boxoutheadline t-s-border-color">How to spot a dodgy app</h3>
Identifying a malicious app before hitting the ‘Download’ button can be straightforward if you know what to look for. Consider this eight-point checklist when evaluating an unfamiliar app:
- Check the reviews – Be cautious of both negative feedback and overly positive reviews that may be fabricated.
- Look out for grammar mistakes – Reputable app developers typically avoid typos or errors in their descriptions.
- Check the number of downloads – Steer clear of apps with only a few thousand downloads, as they may be fraudulent.
- Research the developer – Investigate their reputation; are they well-regarded or potentially fake?
- Check the release date – A recent release date combined with a high download count can be a red flag.
- Review the permission agreement – This document outlines what data the app can access; be wary of apps requesting unnecessary information.
- Check the update frequency – An app that is updated too often may indicate underlying security issues.
- Check the icon – Examine the icon closely; don’t be misled by distorted or lower-quality versions of legitimate app icons.
This information is readily accessible in both Apple’s App Store and the Google Play Store.

Following these findings, Google has removed Max Browser from its platform. However, Wuta Camera remains available for download, as the malware was eliminated in a recent update. Nonetheless, any malicious payloads that may have been installed from earlier versions could still reside on Android devices.
While Google generally excels at identifying and removing harmful applications, some do manage to evade detection. Users who have downloaded either of these applications are strongly advised to delete them immediately. If there are concerns about potential infection, trusted antivirus applications like Malwarebytes or Bitdefender can be downloaded from the Google Play Store to scan for threats and provide guidance on blocking adware. Additionally, monitoring bank accounts for any unauthorized subscriptions or purchases and reporting them to the bank is recommended.