Connect with us

Hi, what are you looking for?

News

Necro Trojan Sneaks into Google Play with up to 11m Victims – Ravenewsonline

NECRO TROJAN
NECRO TROJAN

In late August 2024, Kaspersky experts identified a new version of the Necro Trojan that had infiltrated several popular applications on Google Play and modified applications on unofficial platforms, including Spotify, WhatsApp and Minecraft.

Necro is an Android downloader that downloads and runs other malicious components on infected devices based on commands issued by the Trojan’s creators. Kaspersky’s solutions recorded* Necro attacks targeting users in Russia, Brazil, Vietnam, Ecuador, and Mexico as part of this malicious campaign.

Capabilities of the Necro Trojan

The variant of Necro discovered by Kaspersky experts can download modules onto infected smartphones that display ads in invisible windows and click on them, download executable files, install third-party applications, and open arbitrary links in invisible WebView windows to execute JavaScript code.

Based on its technical characteristics, the Trojan is also likely capable of subscribing users to paid services. Additionally, the downloaded modules allow attackers to redirect Internet traffic through the victim’s device. This enables cybercriminals to visit prohibited or desired resources using the victim’s device, potentially utilising it as part of a proxy botnet.

Infected Apps on Unofficial Platforms

The first discovery of Necro by company’s experts was in a modified version of Spotify Plus. The creators of the app claimed that it was safe for devices and offered additional features not found in the official music streaming app.

Subsequently, experts also found a modified version of WhatsApp containing the Necro downloader, followed by infected versions of popular games, including Minecraft, Stumble Guys, and Car Parking Multiplayer. Necro was embedded into these applications via an unverified ad module.

Infected Apps on Google Play

The Necro campaign extended beyond third-party platforms and was also discovered on Google Play. The malicious downloader was found in the Wuta Camera app and Max Browser.

According to Google Play statistics, the combined downloads of these apps exceeded 11 million. On this platform, Necro was also distributed via an unverified ad module. Following Kaspersky’s report to Google, the malicious code was removed from Wuta Camera, and Max Browser was taken down from the store. However, users still risk encountering Necro on unofficial platforms.

“Users often download unofficial, modified apps to bypass restrictions in official applications or to access additional free features. Cybercriminals exploit this behaviour, spreading malware with these apps as there is no moderation on third-party platforms,” comments Dmitry Kalinin, cybersecurity expert at Kaspersky.

“It is also noteworthy that the version of Necro embedded in these applications used steganography techniques, hiding its payload within images to remain undetected – a very rare method for mobile malware.”

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisement

advert
nis
ad

You May Also Like

News

Dr. Ibrahim Abubakar Kana, Permanent Secretary, Ministry of Defence has inaugurated the Project Steering Committee and Project Implementation Technical Team for the Performance Management...

News

The N1 million extorted from three members of National Youth Service Corps (NYSC) by four officers of Lagos Police Command has been recovered and...

Tech

An Australian court has upheld a decision requiring X, formerly known as Twitter, to pay A$610,500 ($418,000) fine after failing to cooperate with a...

Politics

President Bola Ahmed Tinubu has conferred the nation’s second highest national honour, the Grand Commander of the Order of the Niger (GCON), on the...