Necro Trojan Resurgence Hits Over 11 Million Android Devices

Apps & Games / Mobile / Android / Necro Trojan Resurgence Hits Over 11 Million Android Devices
23 Sep 2024

Android Devices Under Siege: The Resurgence of the Necro Trojan

Android devices are facing a resurgence of the Necro trojan, a formidable malware that has reportedly infiltrated over 11 million smartphones. This alarming development comes from a recent blog post by cybersecurity firm Kaspersky, which first identified the Necro trojan in 2019. The trojan is now being disseminated through a variety of channels, including official applications on the Google Play Store, unofficial modified versions of popular apps, and Android game modifications.

The Necro trojan’s versatility is particularly concerning. Once installed, it can download additional payloads that activate a range of malicious plugins, enabling activities such as ad fraud, subscription scams, and the use of infected devices as proxies for sending harmful traffic.

Hiding in Official and Unofficial Apps

Even legitimate apps from the Play Store are not immune to compromise. As highlighted by BleepingComputer, the Necro trojan was embedded in a malicious advertising software development kit (SDK). One of the most downloaded apps, Wuta Camera, which boasts 10 million downloads, was found to contain the trojan in version 6.3.2.148. Users of this app are urged to update to version 6.3.7.138 or later, which has been cleared of the malware.

Another app, Max Browser, also fell victim to the Necro trojan, with its malicious code present in version 1.2.0. Although the app has been removed from the Play Store following Kaspersky’s alert to Google, it remains accessible through third-party app stores, raising concerns about its continued use.

Kaspersky’s investigation further revealed the trojan lurking in a modified version of the Spotify Plus app, which attracted users with the promise of a free, unlocked subscription. This should have raised red flags for potential users, yet many proceeded to download it, leading to infections.

Additionally, the Necro trojan has been found in mods for popular games such as WhatsApp, Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox. The appeal of game mods often entices users, but caution is advised; avoiding such modifications can mitigate the risk of infection.

How to Stay Safe from Android Malware

To safeguard against malware-laden apps, the foremost strategy is to refrain from downloading applications from unofficial sources. While sideloading may seem convenient, it poses significant risks. Users are encouraged to stick to reputable app stores like the Google Play Store, Samsung Galaxy Store, and Amazon Appstore.

Ensuring that Google Play Protect is activated on your Android device is another critical step. This built-in feature scans both new and existing apps for malware and other threats. For enhanced security, consider supplementing it with a reliable Android antivirus application.

Even when downloading from official app stores, it’s prudent to scrutinize app ratings and reviews. However, given that these can be manipulated, seeking out video reviews online can provide a clearer picture of the app’s functionality before installation.

Despite Google’s ongoing efforts to eliminate malicious apps from the Play Store, some inevitably slip through the cracks. Therefore, maintaining a streamlined selection of apps on your device can further reduce exposure to potential threats.

Update: 23 Sep 2024