More than 11 million users affected, Google confirms

About 11 million Android users have been affected by a new version of the Necro malware via malicious SDK supply chain attacks and modified versions of apps and games. According to a report from Securelist, Kaspersky spotted a new version of Necro Loader last month, and the same version has now been spotted in a modified version of some apps on the Google Play Store.

According to reports, the Necro Trojan was deployed in a variety of ways, including legitimate applications, game mods, and even modified versions of Minecraft, Spotify, and WhatsApp.

READ ALSO | Top 5 offers for popular smartwatches on Amazon, Flipkart: Check out the best sale offers

What does Nectro Trojan do?

Once installed, Necro deploys multiple payloads and activates several malicious plugins. These plug-ins operate adware on your device through hidden windows, run various scripts, launch programs that unlawfully activate subscriptions, and redirect Internet traffic.

As for Wuta Camera and Max Browser, Necro generates revenue for the attacker by automatically opening and clicking advertisements in the background.

How does it spread?

The Necro Trojan was discovered on Google Play and integrated into two applications: Wuta Camera by ‘Benqu’ and Max Browser by ‘WA message recovery-wamr’, both of which have amassed more than a million downloads. Although a newer version of Wuta Camera has eliminated the malware, Kaspersky indicates that the latest version of Max Browser still contains it. Besides the Play Store, the main distribution method for the Necro trojan involves modified versions of apps and games that claim to offer additional features missing from the official versions.

Common examples include custom apps such as Spotify Plus and GBWhatsApp, along with FBWhatsApp. In mobile games, the report highlights modified versions of popular titles such as Minecraft, Stumble Guys, Car Parking Multiplayer and Melon Sandbox. Although Google has reported at least 11 million infected users, the Trojan may have affected millions more, as tracking downloads from unofficial sources and third-party app stores is virtually impossible.

A Google spokesperson said in a statement to Bleeping Computer: “All malicious versions of the apps identified in this report were removed from Google Play prior to the report’s publication.”

How can you protect yourself against this malware?

To protect yourself from the Necro mobile trojan, it is essential that you do not download dubious APKs from outside the Play Store.

When purchasing apps from legitimate sources like Aptoide or Google Play, read the reviews first to confirm that the app actually delivers the features it promises.