Necro was first discovered in 2019 in the text recognition app CamScanner, which has over 100 million downloads on Google Play.
Recently, cybersecurity experts discovered that Necro has reappeared in both popular apps on Google Play and in various versions on unofficial websites. This new version of the malware has been upgraded with many more features.
Kaspersky experts believe that the developers of legitimate applications may have used an unverified ad-integration tool, which allowed Necro to infiltrate.
Wuta Camera and Max Browser, two popular apps on Google Play, have been found to contain Necro malware, with a combined total of over 11 million downloads.
Necro easily bypassed security systems by using a technique of hiding malware within images (steganography). Once it infiltrated a device, the malware would take control, download additional malware, and even secretly subscribe to paid services without the user's knowledge.
Users should immediately uninstall applications such as Wuta Camera (infected versions 6.3.2.148 to 6.3.6.148) and Max Browser if they have installed them.
31 apps that steal bank account information, you should delete them immediately (September 3, 2024)
The 31 malicious applications listed below are capable of stealing bank account login information without the user's permission.
Security researchers have discovered malware called 'Daam' that can bypass security applications installed on smartphones and cause serious consequences.
Experts consider this type of malware to be sophisticated, capable of stealing data, collecting sensitive information, eavesdropping, and recording all incoming and outgoing calls on the victim's smartphone, including calls made through applications such as Messenger, Telegram, or WhatsApp.
According to CloudSEK experts, there are 3 applications containing the Daam malware:
- Psiphon is an application for creating virtual private networks (VPNs).
- Boulders mobile game.
- Currency Pro is a currency conversion app.
Furthermore, international information security research organizations have reported the discovery of 28 applications that tend to spread malware, disguised as useful applications to trick users into installing them. Seventeen of these applications impersonate VPN tools, advertised as helping users browse the web more safely and conceal their real information online.
28 applications containing malware include:
- Lite VPN;
- Anims Keyboard;
- Blaze Street;
- Byte Blade VPN;
- Android 12 Launcher;
- Android 13 Launcher;
- Android 14 Launcher;
- CaptainDroid Feeds;
- Free Old Classic Movies;
- Phone Comparison;
- Fast Fly VPN;
- Fast Fox VPN;
- Fast Line VPN;
- Funny Char Ging Animation;
- Limo Edges;
- Oko VPN;
- Phone App Launcher;
- Quick Flow VPN;
- Sample VPN;
- Secure Thunder;
- Shine Secure;
- Speed Surf;
- Swift Shield VPN;
- Turbo Track VPN;
- Turbo Tunnel VPN;
- Yellow Flash VPN;
- VPN Ultra;
- Run VPN.
Experts warn that if users' devices contain these applications, they should be quickly uninstalled to avoid unfortunate risks. At the same time, to ensure safety, users should not download unfamiliar applications, activate Google Play Protect in Google Play to be protected from malware, and use reliable antivirus solutions.
NGate malware uses NFC readers to drain victims' money (August 27)
Cybersecurity company ESET has discovered a malware on Android that uses the NFC reader on infected devices to extract payment data from the phone and forward that information to attackers.
This malware uses the NFCGate toolkit to analyze NFC traffic, hence its name NGate.
This malware will allow criminals to withdraw money or pay for purchases at cash registers by using user data at ATMs and POS (point of sale) machines.
NGate operates by sending an urgent message containing a link to a fake website that collects the victim's login credentials, prompting the victim to install an app because there is a problem with their tax return. Based on the collected information, the attacker gains access to the target's bank account.
The attacker then impersonates a bank employee and calls the victim to inform them that they have received a text message containing a link to an application, which is actually the NGate malware. The attacker will then ask the victim to enable NFC on their phone and scan their card.
Through a compromised smartphone, NGate can forward NFC data from the victim's card to the attacker's smartphone, which can then emulate the card. From there, the perpetrator can receive real-time information and withdraw money from the ATM.
Thanks to Google Play Protect's automatic protection feature, no apps containing NGate have been detected on Google Play.
Warning: New malware designed to steal money and wipe Android devices clean.
Security experts have recently discovered a new Android malware called 'BingoMod' that can steal money from bank accounts and wipe out victims' phone data.
BingoMod often disguises itself as popular mobile security apps, spreading through phishing SMS messages to trick users into installing it. Once installed, this malware requests access to accessibility services, thereby gaining full control of the device to steal login credentials, take screenshots, intercept messages, and even conduct fraudulent transactions directly on the device.
According to the research, each transaction by this malware can result in the theft of up to over $16,000 (approximately 404 million VND).
Furthermore, after successfully withdrawing money, BingoMod can also erase all data on the phone, making it difficult for the victim to recover their information.
Currently, BingoMod is still under development and will undoubtedly become even more dangerous in the future.
Therefore, experts warn that Android users need to be especially wary of SMS messages containing links to download unfamiliar apps, particularly those with names related to security and protecting their bank accounts and personal data. Additionally, users should carefully check the developer's information and read reviews from other users before installing any application.
How to check if your smartphone has malicious apps installed.
Users can use the "Play Protect" feature built into Google Play Store to check if their smartphone has inadvertently installed any apps containing malware.
To use this feature, users need to access the CH Play app store -> tap the account icon in the upper right corner -> select " Play Protect " settings -> tap the " Scan " button.
After the scan, if you see the message " No harmful apps found, " then your phone is safe.
However, the Play Protect feature only protects your smartphone from apps that Google has identified as malicious. If Google has not yet identified apps containing malware, this feature cannot warn users.
How to remove malicious apps from Android smartphones
To remove a malicious app on your Android smartphone, you need to go to Settings -> select the Applications tab -> select Manage applications -> find the app you want to remove, tap on it and select Uninstall .