New Version of Necro Trojan Discovered in Popular Google Play Apps and Modded APKs
Security researchers at Kaspersky have identified a new version of the Necro Trojan, now targeting Android users through both official Google Play apps and modified APKs (Android application packages) found on third-party websites. This sophisticated malware poses a serious risk, with capabilities that include stealing sensitive data, installing additional malware, and remotely executing harmful commands on infected devices.
Google Play Apps Removed
Kaspersky’s investigation revealed two infected apps available on the Google Play Store:
- Wuta Camera: Downloaded over 10 million times.
- Max Browser: Downloaded over 1 million times.
Upon notification from Kaspersky, Google swiftly removed these apps from the Play Store. However, the threat extends beyond these apps, as researchers also found the Necro Trojan embedded in “modded” versions of popular apps hosted on unofficial websites.
Modded APKs Contaminated with Necro Trojan
The Necro Trojan has also been found in unofficial, modified versions of widely-used apps, such as Spotify, WhatsApp, Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox. These modded APKs often promise users premium features for free but come with hidden dangers.
Cybercriminals use a variety of tactics to distribute the Trojan. For instance, in the modified version of Spotify, an embedded SDK serves advertising modules, which deploy the Trojan when users interact with specific image-based ads. Similarly, the modded WhatsApp APK leverages Google’s Firebase Remote Config cloud service to act as a command-and-control (C&C) server, activating the Trojan when a user interacts with certain modules.
Necro Trojan’s Malicious Capabilities
Once installed, the Necro Trojan can:
- Download and install additional malicious files and apps.
- Open invisible browser windows to execute malicious JavaScript code.
- Enroll users in expensive premium services without their consent.
- Steal sensitive information, such as login credentials and financial data.
How to Stay Safe
Although the infected apps have been removed from Google Play, the threat posed by modded APKs on third-party websites remains significant. To protect yourself:
- Download apps only from trusted sources, such as official app stores like Google Play.
- Be cautious of apps offering premium features for free, as these are often bait for malicious software.
- Install a reputable mobile antivirus solution to help detect and prevent malware infections.
By taking these precautions, you can reduce your risk of falling victim to the Necro Trojan and other malicious software. Stay vigilant and only install apps from trusted sources to keep your device secure.
Thank you for reading! We hope this provides you with valuable insights. For more updates on the latest in technology, be sure to explore our Technology News blogs at AdvanceDataScience.com, where we bring you daily news on what matters in the tech world.
