Alarming Android Malware Infiltrates Google Play Infecting Millions Of Devices
Of course, as with most mobile malware, Necro was also available from plenty of unofficial sources outside of the Google Play Store. Several popular apps such as WhatsApp, Spotify, and even Minecraft are offered on the web in modified form, claiming extra functionality including free access to paid subscription services. Unfortunately for users tempted by these mods, they were also opening themselves up to being infected by Necro.
Once installed on a victim’s device, this malware initially sends system information to a server controlled by the attackers. This includes the device's IMEI, RAM capacity, and what version of Android is currently installed. Necro is then able to receive a variety of plugins that determine its functionality, providing attackers with a wide range of options. For example, one of these plugins enables the display of intrusive ads during random time intervals.
It's always bad news when malware such as Necro is able to find its way into apps that are available in the Google Play Store, especially when it has been previously discovered. We often advise readers that one of the best ways to remain safe while using mobile devices is to stick to the official app store. However, every time this happens it can chip away at user confidence in this advice. Hopefully Google is learning lessons from incidents such as this one and can work to improve their systems for detecting malware.