A new version of the Necro malware loader infected 11 million Android devices via malicious advertising SDKs in legitimate apps and modified versions of popular software. The malware primarily spreads through unofficial websites and modified apps, but two legitimate Google Play apps were also found to be infected. Kaspersky identified several malicious plugins associated with Necro, including those that display ads, download and execute files, facilitate subscription fraud, and use infected devices as proxies. The total number of infections is unknown, but at least 11 million devices were infected through Google Play.