Statistics show that there is an expected surge of 143 billion app downloads in 2026. With such a massive number of users and smartphones, it’s no surprise that the Play Store has become a target for malicious actors. Kaspersky SecureList researchers have discovered the Necro malware on Android, infecting over 11 million devices.
The researchers identified various infected apps, including Wuta Camera, Max Browser, and unofficial WhatsApp and Spotify mods carrying the malware. Additionally, mods for popular games like Minecraft and Melon Sandbox were found to be infected.
Reportedly, Wuta Camera had the malware from version 6.4.2.148 until it was removed in version 6.4.7.138. Despite Max Browser being removed from the store, it had already been downloaded over a million times and contained the Necro malware loader from version 1.2.0 onwards.
The Necro malware operates in the background on a device to generate revenue for the attacker. While it may cause performance issues, the malware is designed to remain undetected. It generates ad revenue by opening and clicking on ads through hidden windows.
Google assured that all known infected apps have been removed, and most users should be protected by Google Play Protect, which is the default antivirus on Android devices. However, if you suspect your device has been infected, it’s recommended to use a reliable antivirus scanner to remove any malware.
For tips on removing malware from your Android device, refer to our guide on the best antivirus programs available for Android devices.
