Slashdot: 11 Million Devices Infected With Botnet Malware Hosted In Google Play

Source URL: https://it.slashdot.org/story/24/09/23/213203/11-million-devices-infected-with-botnet-malware-hosted-in-google-play?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot

Summary: The text discusses the resurgence of malicious behavior in legitimate Android apps, specifically highlighting the discovery of new infections linked to a previously identified malware family. This emphasizes the ongoing risks associated with app security, particularly concerning the integration of third-party software development kits (SDKs) for advertising.

Detailed Description: The article by Ars Technica covers a critical issue in mobile security, illustrating how malware can infiltrate seemingly safe applications through malicious SDKs, representing a substantial threat to device users.

– Five years ago, researchers uncovered malware hidden in a legitimate Android app, impacting 100 million devices.
– The Kaspersky research team has identified two new apps currently infected by the same malware family, reaching 11 million downloads combined.
– The offending SDK facilitates advertising but also harbors malicious code designed to redirect devices to attacker-controlled servers.
– Specifically, the apps affected include:
  – **Wuta Camera**: Over 10 million downloads; versions 6.3.2.148 to 6.3.6.148 contained the malicious SDK but have since been updated to remove the threat.
  – **Max Browser**: Approximately 1 million downloads; this app is now unavailable on Google Play due to infection.
– The researchers have detected the malware carrier, Necro, propagating through not only Google Play but also alternative app marketplaces, often disguised as modified versions of popular apps like Spotify and WhatsApp.
– Users are advised to check for signs of compromise to ensure their devices are not infected.

The practical implications of this discovery are significant for security and compliance professionals:
– Heightened awareness is essential regarding the risks associated with third-party SDKs that may introduce vulnerabilities into otherwise secure applications.
– Ongoing monitoring and incident response procedures should be established to rapidly identify and mitigate similar threats as they evolve.
– The incident underscores the importance of rigorous app vetting processes and user education on the potential dangers of downloading applications from untrustworthy sources.