Technology
Android's latest nightmare: millions of devices infected by sneaky malware
You’d think an app listed on the Play Store would be safe to download. That’s what Google wants you to believe, and it’s true to a large extent. But in this digital world, no service is foolproof.
Time and time again, there have been instances when widely downloaded apps on the Play Store were infected by malware. While Google continues to promise that the app market is safe, another incident has come to light.
Security researchers have discovered a new Trojan malware called Necro that not only infects apps downloaded through unofficial sources but also those on the Play Store, including one with more than 10 million downloads.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
A man scrolling on his Android phone (Kurt “CyberGuy” Knutsson)
How does Necro infect apps
The exact method by which both apps were initially compromised with the malware is still unclear. Researchers at Kaspersky’s Securelist believe a rogue software development kit (SDK) used for integrating advertising functionalities may be responsible for the breach. SDKs are essential tools developers use to add specific features to their apps, such as ad services, analytics or payment processing.
CLICK HERE FOR MORE U.S. NEWS
When an SDK is compromised, it can inadvertently introduce vulnerabilities into the applications that utilize it. In this case, the malware affecting the apps displayed ads in the background to generate fraudulent revenue for the attackers, installed apps and APKs without the user’s consent and used invisible WebViews to interact with paid services.
The Trojan in question, Necro, isn’t exactly new. It’s the same malware that infected a popular document scanner called CamScanner in 2019, which at that time had over 100 million downloads.
An Android phone on a desk (Kurt “CyberGuy” Knutsson)
ANDROID BANKING TROJAN EVOLVES TO EVADE DETECTION AND STRIKE GLOBALLY
Which apps are affected?
Kaspersky researchers identified several apps affected by the Necro Trojan, including those available in Google Play. Their combined audience numbered more than 11 million Android devices.
The first affected app is the Wuta Camera, a photo editing and beautification tool. It has at least 10 million times. The Necro loader has been embedded in it starting from version 6.3.2.148. The latest version of the app, 6.3.6.148, which was available on Google Play, also had it. After the researchers reported the presence of malicious code to Google, the Trojan was removed from the app in version 6.3.7.138.
The second infected app was Max Browser. This browser, according to Google Play, has been installed more than a million times and, starting with version 1.2.0, also contained the Necro loader. Google took down the infected app from the Play Store after it was reported.
Kaspersky also found WhatsApp mods that had the Necro loader in unofficial sources. It also spotted the Spotify mod called “Spotify Plus,” which promises free access to ad-free premium services. Plus, the report mentions mods for popular games like Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox, all of which were infected with the Necro loader.
Mods, or modifications, are altered versions of original apps or games that often provide additional features or tweaks.
An Android phone (Kurt “CyberGuy” Knutsson)
ANDROID BANKING TROJAN MASQUERADES AS GOOGLE PLAY TO STEAL YOUR DATA
What is Google’s response to this?
Google is aware of the Necro malware and, as I mentioned above, it has already taken down the affected apps. A Google spokesperson provided us with the following statement:
“All of the malicious versions of the apps identified by this report were removed from Google Play prior to report publication. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”
THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION
4 ways to protect yourself from Necro malware
1. Have strong antivirus software: Android has its own built-in malware protection called Play Protect, but the Necro Trojan proves it’s not enough. Historically, Play Protect hasn’t been 100% foolproof at removing all known malware from Android phones. The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2. Download apps from reliable sources: It’s important to download apps only from trusted sources like the Google Play Store. You might say I am contradicting myself, but Play Store is still safer than other options out there. It has strict checks to prevent malware and other harmful software. However, even with the security measures provided by Google Play, downloading apps from the store does not guarantee 100% protection against malware or harmful software. Avoid downloading apps from unknown websites or unofficial stores because they can pose a higher risk to your personal data and device. Never trust download links that you get through SMS.
3. Be cautious with app permissions: Always review the permissions requested by apps before installation. If an app requests access to features that seem unnecessary for its function, it could be a sign of malicious intent. Do not give any app accessibility permissions unless you really need to. Avoid granting permissions that could compromise your personal data.
4. Regularly update your device’s operating system and apps: Keeping your software up to date is crucial because updates often include security patches for newly discovered vulnerabilities that could be exploited by trojans.
ANDROID USERS AT RISK AS BANKING TROJAN TARGETS MORE APPS
Kurt’s key takeaways
The discovery of the Necro loader in apps like Wuta Camera, Max Browser and popular game mods shows just how serious security issues can be in the app world. With over 11 million Android devices affected, it’s crucial to be careful about where you download your apps. Unofficial sources can be a breeding ground for hidden threats, but the Play Store isn’t completely safe either. Google should look into what apps it allows on its platform. I haven’t seen as many malware issues affecting iPhone apps as there are on Android.
Do you think Google does enough to protect users from malware on the Play Store? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover
Follow Kurt on his social channels
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2024 CyberGuy.com. All rights reserved.
It’s still hard to believe that Hollow Knight: Silksong actually came out this year, but now, we all have a new thing to wait for: the game is getting a free expansion in 2026, titled Sea of Sorrow. Team Cherry calls it the game’s “first big expansion.”
“New areas, bosses, tools, and more!” Team Cherry says in a blog post. “Hornet’s adventures continue in our nautically themed expansion, coming free for all players next year. We’ll keep further details a secret for now, but expect additional info shortly before Hollow Knight: Silksong – Sea of Sorrow releases.”
More than 7 million people bought Silksong, according to Team Cherry, and “millions more” played on Xbox Game Pass.
The original Hollow Knight is getting updated, too. Team Cherry is working on a Nintendo Switch 2 Edition of the game that “incorporates all the updates and enhancements that Silksong received on the platform: High frame-rate modes, higher resolutions, and many additional graphical effects.” Players who own the Switch version of the game will get the Nintendo Switch 2 Edition as a free update when it’s available in 2026.
Ahead of that launch, Team Cherry says it will be “updating all versions of the original game for current platforms, adding features and fixing bugs.” Those changes include “full 16:10 and 21:9 aspect ratio support for those of you with Steam Decks or ultrawide monitors,” and PC players can try the new updates in public beta.
NEWYou can now listen to Fox News articles!
Petco revealed a data breach that exposed sensitive customer information. The company disclosed the details in state filings after identifying a configuration in one of its software applications that made certain files accessible online. This issue has now been corrected, but the impact is significant.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter
THIRD-PARTY BREACH EXPOSES CHATGPT ACCOUNT DETAILS
Petco disclosed a breach that exposed customer data after a software setting left files accessible online. (Photographer: Tiffany Hagler-Geard/Bloomberg via Getty Images)
What Petco says the breach exposed
According to reports filed with the Texas attorney general’s office, the exposed data included names, Social Security numbers, driver’s license numbers, financial account details, credit or debit card numbers and dates of birth. Filings in California, Massachusetts and Montana confirm additional affected residents.
In California, companies must report breaches involving at least 500 state residents. Petco did not disclose the exact number, which suggests the real total is higher. For context, Petco said in 2022 that it served more than 24 million customers.
Petco says the company sent notifications to individuals whose information was involved. The sample notice released by the California attorney general explains that a software setting allowed certain files to be accessible online. Petco says it removed those files, corrected the setting and added new security measures.
The company is offering free credit and identity theft monitoring to victims in California, Massachusetts and Montana. It is not clear if similar support is being offered to affected Texas residents.
We reached out to Petco for comment, and a representative provided CyberGuy with the following statement,
“We recently identified a setting in one of our applications which inadvertently made certain Petco files accessible online. Upon identifying the issue, we took immediate steps to correct the error and began an investigation. We notified individuals whose information was involved and continue to monitor for further issues. We take this incident seriously. To help prevent something like this from happening again, we have taken and will continue to take steps to enhance the security of our network.”
What this breach means for you
A breach that exposes government IDs, financial numbers and birth dates creates long-term risks. Criminals use this mix of information to open accounts, take over existing ones or try to pass identity checks. Even if no fraud happens right away, exposed data can sit in criminal markets for years.
Ways to stay safe after a breach like this
You can take several steps today that help lower your risk and protect your identity going forward.
1) Place a credit freeze
A freeze blocks new credit accounts in your name. It also stops criminals from opening loans or credit cards with your stolen information. You can freeze your credit for free at Equifax, Experian and TransUnion.
2) Add two more freezes
Two additional freezes cover accounts that do not run through the major credit bureaus. Freeze ChexSystems to stop criminals from opening checking or savings accounts. Freeze NCTUE to block fake phone, cable or utility accounts.
3) Turn on account alerts
Set up alerts for banking, credit cards and online shopping accounts. Alerts help you spot suspicious activity fast.
4) Use a password manager
Strong passwords protect you from credential stuffing attacks. This happens when criminals take stolen passwords from one breach and try them on other sites. A password manager creates unique passwords for every account and helps you stop those attacks before they start.
Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com
5) Monitor your identity
If Petco offered you free identity theft monitoring, enroll as soon as possible. It helps you catch fraud that can happen months or years later.
Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com
WHY YOUR HOLIDAY SHOPPING DATA NEEDS A CLEANUP NOW
State filings show Petco customers had Social Security and financial information exposed in the breach. (Photo by Justin Sullivan/Getty Images)
6) Remove exposed personal data
Data broker sites collect and share personal details that fuel scams. Removing your information reduces your exposure and makes you a harder target.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
WHY SCAMMERS OPEN BANK ACCOUNTS IN YOUR NAME
Petco says it corrected the software issue and notified individuals whose information was compromised. (Photo by Paul Weaver/SOPA Images/LightRocket via Getty Images)
7) Watch for phishing and use strong antivirus software
Scammers often follow a breach with emails or texts that look real. Slow down and check every message before you click. A strong antivirus helps block malicious links and alerts you when something looks risky.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
Kurt’s key takeaways
Data breaches happen often, but this one involves information that can cause lasting harm. You can protect yourself with a few quick steps that reduce the chance of fraud and limit how far criminals can get with your data.
How much trust do you place in companies to protect your personal information? Let us know by writing to us at Cyberguy.com
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter
Copyright 2025 CyberGuy.com. All rights reserved.
Amazon has launched a new AI feature in the Kindle app that gives spoiler-free answers to questions about the book you’re reading and confirmed that authors can’t opt out from the feature.
The company calls Ask this Book an “expert reading assistant” in its announcement and says that it’s capable of answering questions about “plot details, character relationships, and thematic elements,” all while avoiding spoilers by limiting its answers to content from the pages you’ve read so far. It’s essentially an in-book chatbot, accessible from the book menu or by highlighting a passage of text you want to ask about.
Amazon spokesperson Ale Iraheta told Publishers Lunch that the answers are “non-shareable and non-copyable” and only available to readers who’ve purchased or rented books. Iraheta also said that the feature is always on, noting that “there is no option for authors or publishers to opt titles out.”
‘We stay praying about it:’ Suspect in deadly Detroit hit and run charged
15 injured after San Francisco cable car comes to screeching halt
City Hall’s future is an opportunity for its leadership
Time for Miami to bench Tua Tagovailoa? ‘Very rash and shortsighted’
Brookline police investigate shooting that wounded man
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
Video: Brown Student Has Survived Two School Shootings
DC police accused of manipulating crime stats as federal probe finds thousands of misclassified cases
All eyes on Italy as Mercosur deal hangs in the balance
Australia announces strict new gun laws. Here’s how it can act so swiftly
Video: Rob Reiner and His Wife Are Found Dead in Their Los Angeles Home
-
Alaska1 week agoHowling Mat-Su winds leave thousands without power
-
Texas1 week agoTexas Tech football vs BYU live updates, start time, TV channel for Big 12 title
-
Washington7 days agoLIVE UPDATES: Mudslide, road closures across Western Washington
-
Iowa1 week agoMatt Campbell reportedly bringing longtime Iowa State staffer to Penn State as 1st hire
-
Iowa3 days agoHow much snow did Iowa get? See Iowa’s latest snowfall totals
-
Iowa1 day agoAddy Brown motivated to step up in Audi Crooks’ absence vs. UNI
-
Miami, FL1 week agoUrban Meyer, Brady Quinn get in heated exchange during Alabama, Notre Dame, Miami CFP discussion
-
Cleveland, OH1 week agoMan shot, killed at downtown Cleveland nightclub: EMS