In a troubling twist reminiscent of past security breaches, the "Necro" trojan has re-emerged within applications on the Google Play Store, despite its initial discovery back in 2019. Kaspersky’s security research team has revealed that this notorious piece of Android malware infiltrated several widely-used apps, amassing over 11 million downloads before it was identified and removed.
Popular Apps Compromised
The most notable infected apps were "Wuta Camera" and "Max Browser." A significant portion of the 11 million downloads can be traced back to these two applications, underscoring their popularity among users. Following the detection of the malware, Google promptly took action to eliminate the compromised apps from its platform.
However, the threat posed by Necro extends beyond the confines of the Google Play Store. As is often the case with mobile malware, it has also been circulating through unofficial channels. Users seeking modified versions of popular applications like WhatsApp, Spotify, and Minecraft—often lured by promises of enhanced features or free access to premium services—have unwittingly exposed themselves to the risks associated with Necro.
Malware Operation and Impact
Upon installation, the malware begins its operation by transmitting critical system information to servers controlled by the attackers. This data includes the device’s IMEI number, RAM specifications, and the version of Android in use. Once established, Necro can download various plugins that expand its capabilities, allowing attackers to carry out a range of malicious activities. One such plugin is particularly intrusive, displaying unwanted advertisements at random intervals and further disrupting the user experience.
The infiltration of malware like Necro into apps available on the Google Play Store raises significant concerns, especially given its history. While it is prudent to advise users to rely on official app stores for their downloads, incidents like this can erode trust in such guidance. It is hoped that Google will take valuable lessons from these occurrences and enhance its malware detection systems to bolster user security in the future.