Researchers at Kaspersky have discovered a malware Trojan, Necro, that has affected over 11 million Android devices. That number is just from the Play Store apps, which means the actual number of victims is likely much higher.
Wuta Camera, Max Browser, WhatsApp Mods, Spotify Mods, and Minecraft Mods were found to be infected with a Necro Sideloader. All the apps are shown to contain CoralSDK. If you downloaded any of this remove the apps and wipe your phone.
It is unintentionally correct: Google Play, and its contents, is corporate malware, people should use F-Droid to get safer and free (as in freedom) apps. Neostore is a nice app to access it.
Doesn't the play store have their "Play Protect" thing they're always shoving in my face? Why didn't that pick this up before 11 million people installed the app?
Because play protect is a piece of shit that is not very reliable. Google mostly uses it to block installation of apps or remove apps that they don't like such as cracked apps, or apps that are used to crack other apps.
The real malicious apps are typically able to sneak past it.
Yes... no... sorta....kinda... but no different than how most, if not all, large American security and tech vendors have either overt, or covert, links to the the American Security State.
Kaspersky is a long established credible actor and leader in the threat research space, hands down one of the best track records over the long run, and you should take their reporting and disclosures seriously.
I'm not saying that to dismiss the very valid concerns about installing Kaspersky on sensitive private sector and government systems, but to contextualize my answer.
On a sort of related note, earlier I said that the American security state has both overt, or covert, links all across the American tech sector.
What that means is that, even if a company holds their principles not compromising their customers or their product, the US government can either get a court order to force it, or they'll be targeted by something like the Pentagons Signature Reduction program
and have sheep dipped employees worked into their organization.
Point is, Kaspersky is one of the few remaining Russian brands and entities still holds a lot of credibility in it's field, but again, that doesn't mean the concerns of Western government's aren't valid, just that they should be viewed in the proper context.
Great explanation! So, to summarize: They know their trade but their software should not be installed because it's like with US Software: Backdoors Likely Integrated.
On the other side, I still use some Google Products...