Cybersecurity

5677 readers

98 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

11 million devices infected with botnet malware hosted in Google Play (arstechnica.com)

submitted 1 month ago by neme@lemm.ee to c/cybersecurity@sh.itjust.works

4 comments fedilink hide all child comments

top 4 comments

sorted by: hot top controversial new old

[–] BearOfaTime@lemm.ee 15 points 1 month ago (1 children)

Boy, I'm so glad Google doesn't want us sideloading apps, I fee so much safer using play. (Yes, that's sarcasm)

[–] burgersc12@mander.xyz 3 points 1 month ago

I mean, it was side loaded too. "Spotiplus" was infected with it apparently, but I do agree that Google allows so much malware on the store its crazy!

[–] Telorand@reddthat.com 6 points 1 month ago (1 children)

The infected apps are at the end.

The researchers found Necro in two Google Play apps. One was Wuta Camera, an app with 10 million downloads to date. Wuta Camera versions 6.3.2.148 through 6.3.6.148 contained the malicious SDK that infects apps. The app has since been updated to remove the malicious component. A separate app with roughly 1 million downloads—known as Max Browser—was also infected. That app is no longer available in Google Play.

The researchers also found Necro infecting a variety of Android apps available in alternative marketplaces. Those apps typically billed themselves as modified versions of legitimate apps such as Spotify, Minecraft, WhatsApp, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox.

People who are concerned they may be infected by Necro should check their devices for the presence of indicators of compromise listed at the end of this writeup.

[–] I_Miss_Daniel@lemmy.world 1 points 1 month ago

https://securelist.com/necro-trojan-is-back-on-google-play/113881/ for the list mentioned at the end of your comment.