New Necro Trojan Variant Targets Android Users via Google Play Apps

25 Sep 2024

Emerging Threat: The Necro Trojan Targets Android Users

In a concerning development for Android users, security researchers at Kaspersky have unveiled a new variant of the Necro trojan, which is infiltrating devices through both legitimate Google Play applications and altered APKs found on unofficial websites. This sophisticated malware poses a significant risk, with capabilities that include stealing sensitive information, installing additional malicious software, and executing commands remotely on compromised devices.

Kaspersky’s investigation led to the identification of two infected applications on the Google Play Store:

  • Wuta Camera: Over 10 million downloads.
  • Max Browser: Over 1 million downloads.

Following Kaspersky’s alert, Google promptly removed these applications from its platform to safeguard users.

Moreover, the researchers found the Necro trojan hidden within unofficial “modded” versions of popular applications such as Spotify, WhatsApp, Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox. These modified APKs, often marketed as offering premium features at no cost, are prevalent on third-party sites and represent a substantial threat to unsuspecting users.

Understanding the Necro Trojan’s Capabilities

The distribution methods employed by the attackers are varied and cunning. For instance, in the Spotify mod, an embedded SDK was used to present advertising modules. If a user interacted with a particular image-based module, the trojan payload would be activated from a command-and-control (C&C) server. Similarly, the WhatsApp mod utilized Google’s Firebase Remote Config cloud service as a C&C server, deploying the trojan upon user engagement with a designated module.

Once the Necro trojan has infiltrated a device, it can execute a multitude of harmful actions, including:

  • Downloading and installing additional malicious files and applications.
  • Opening invisible browser windows to run harmful JavaScript code.
  • Subscribing users to costly paid services without their consent.
  • Stealing sensitive data, including login credentials and financial information.

Guidance for Users

While the infected apps on Google Play have been removed, the threat from modded APKs continues to loom large. Kaspersky offers the following recommendations to help users protect themselves:

  1. Avoid downloading applications from untrusted third-party sources.
  2. Only install apps from official app stores like Google Play.
  3. Exercise caution with apps that claim to provide premium features for free.
  4. Consider installing a reputable mobile antivirus solution to enhance security.

Update: 25 Sep 2024

Top charts for Mobile Android

uTorrent

uTorrent

Latest update uTorrent download for free for Windows PC or Android mobile

5
1032 reviews
7248339
downloads
Zona

Zona

Latest update Zona download for free for Windows PC or Android mobile

4
614 reviews
1656959
downloads
WinRAR

WinRAR

Streamline file management with fast compression, secure your documents, and save space.

5
735 reviews
708053
downloads
Minecraft

Minecraft

Shape environments, explore vast worlds, and survive against monsters with endless creativity.

5
750 reviews
487444
downloads

News and reviews for Mobile Android

New Android Deals on Apps and Icon Packs

New Android Deals on Apps and Icon Packs

Several Android apps and icon packs, including WINCH IT OUT and Boxville, are on sale today. Look for discounts across Google Play.

Read more
App Lock in Android 17 to Enhance User Privacy

App Lock in Android 17 to Enhance User Privacy

Android 17's App Lock will secure apps by showing generic notifications, improving privacy.

Read more
TrackerControl Enhances Privacy with Android App

TrackerControl Enhances Privacy with Android App

TrackerControl offers Android users visibility and control over app tracking, enhancing privacy and data protection.

Read more
KakaoTalk Dominates Mobile Messaging in South Korea

KakaoTalk Dominates Mobile Messaging in South Korea

KakaoTalk leads mobile messaging in South Korea as of January 2025, per survey. Services expand across navigation, finance, and more.

Read more
Reveals Android 17's Native App Lock Features

Reveals Android 17's Native App Lock Features

Android 17 introduces App Lock: improving notification privacy by hiding sensitive content for locked apps.

Read more
Highlight Android Deals Feature Top App Discounts

Highlight Android Deals Feature Top App Discounts

Android deals spotlight top apps like Kingdomino. Key discounts available today for gaming and productivity tools.

Read more
Android Deals: Top Discounts on Games and Apps in 2026

Android Deals: Top Discounts on Games and Apps in 2026

Discover Android deals on top games like Kingdomino and Streets of Rage 4 in 2026, cutting prices on popular titles for tech-savvy shoppers.

Read more
Eight Key Apps Shift User Habits in 2025

Eight Key Apps Shift User Habits in 2025

Discover how eight apps transformed Android users' digital routines in 2025, enhancing productivity and personal growth.

Read more
Google Play May Introduce Free Game Trials for Android Users

Google Play May Introduce Free Game Trials for Android Users

Android users might soon experience demos of paid games on Google Play, aiming to boost sales.

Read more
Five Notable Open-source Apps Enhance Android Experience

Five Notable Open-source Apps Enhance Android Experience

Explore five open-source apps for Android, offering privacy and customization benefits in music, security, and more.

Read more
All article