According to statistics, it’s expected that people will download 143 billion apps in 2026 alone. That’s a lot of people and a phones, so it’s no surprise that bad actors have pinpointed the Play Store as an ideal distribution center. According to security researchers at Kaspersky SecureList, the infamous Necro malware has been found in Android, with more than an estimated 11 million devices infected.
The estimated download count comes from the researchers taking a look at the different infected apps. There are several that are confirmed infected, including Wuta Camera and Max Browser. There are also WhatsApp mods from unofficial sources that carry the malware, as well as a Spotify mod called “Spotify Plus” — yes, like the premium service. The report also touches on a number of infected mods for games like Minecraft and Melon Sandbox.
According to the report, the malware was part of Wuta Camera from version 6.4.2.148 until its discovery and removal in version 6.4.7.138. Max Browser has since been removed from the app store, but it had been downloaded and installed more than a million times and contained the Necro loader from version 1.2.0 forward.
The Necro malware is designed to generate revenue for the attacker by running processes in the background of your phone. You might notice a performance hit, but the malware is built to go undetected. In short, it opens and clicks advertisements to create ad revenue, but it does so through invisible windows.
In an interview with Fox, Google stated that all known infected apps had been removed already, and that most users should have been protected by Google Play Protect, the default antivirus on most Android devices.
If you’re concerned that your device might have caught the Necro malware or another nasty bit of software, use a reliable antivirus scanner. There are multiple different antivirus programs available for Android devices, and we have a handy guide on how to remove malware and viruses from an Android phone.
