Emerging Threat: Necro Malware Targets Android Users
In a landscape where convenience often meets vulnerability, the emergence of the Necro Trojan malware has raised significant concerns among Android users. This sophisticated malware has infiltrated applications listed on the Play Store, including popular names like WhatsApp and Spotify, posing a serious risk to device security.
The Necro loader employs steganography, a technique that conceals malicious payloads within seemingly innocuous files. This allows it to display ads in invisible windows, generating revenue for attackers while simultaneously draining battery life, slowing down device performance, and causing overheating. Alarmingly, it can also enroll users in unwanted paid subscription services. The malware is capable of downloading and executing arbitrary JavaScript and DEX files, further compromising device integrity.
Recent research by Kaspersky highlighted the dangers associated with modified applications. For instance, a version of Spotify known as Spotify Plus (version 18.9.40.5) was found to harbor the Necro malware. This version was available for download from a site flagged as dangerous, despite the original website’s claims of safety and enhanced features.
In their investigation, Kaspersky identified additional infected apps, including the Wuta Camera app, which boasted over 10 million downloads from the Google Play Store. Although Google has since removed this app, any users who had previously installed it remain at risk. It is strongly advised that users delete the Wuta Camera app from their devices immediately.
Another app, Max Browser, was also found to contain the Necro malware, accumulating over one million downloads before its removal from the Play Store. Users are urged to verify whether this app is still installed on their devices and to uninstall it without delay.
Furthermore, modified versions of WhatsApp and several game mods—including Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox—have been implicated in spreading the Necro malware. Given that these modified apps were not sourced from official channels, the total number of infected devices could far exceed the 11 million installations recorded for the two Play Store apps.
Kaspersky’s security tools have successfully blocked over 10,000 Necro attacks within a month, with the majority occurring in regions such as Russia, Brazil, and Vietnam. This alarming trend underscores the importance of vigilance among Android users.
To safeguard against such threats, users are encouraged to regularly check their devices for any of the following apps:
- Wuta Camera
- Max Browser
- Modified versions of WhatsApp
- Game mods for Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox
In conclusion, the best defense against malware is to install applications exclusively from official sources and to remain aware of the potential risks associated with modified software.