A new version of the Necro malware has reportedly affected more than 11 million Android users through supply chain attacks, malicious SDKs, and modified versions of apps and games, according to a Securelist report. The Necro loader, recently discovered by Kaspersky, has been detected in legitimate apps, game mods, and modified versions of popular apps like Minecraft, Spotify, and WhatsApp.
How the Necro Trojan spreads
Necro malware spreads through official and unofficial app stores. On Google Play, the Trojan was found embedded in two applications: Wuta Camera from ‘Benqu’ and Max Browser from ‘WA message recovery-wamr’. These applications together obtained more than one million downloads. While the malware has been removed from Wuta Camera in a new version, Kaspersky’s report suggests that the latest version of Max Browser still includes the trojan.
Outside of Google Play, Necro primarily spreads through modified versions of apps and games. These unofficial versions, which claim to offer additional features not available in the official versions, are popular among users looking for improved functionality. Some notable examples include Spotify Plus, GBWhatsApp, and FBWhatsApp, as well as modded games like Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox. These modified apps are often available through third-party websites and app stores, which makes it difficult to track the number of infected users and could raise the number of those affected to more than 11 million.
Necro’s malicious activities
Once the Necro Trojan is installed on a device, it activates various harmful payloads and plugins that carry out a variety of malicious activities. These include running adware in invisible windows, running scripts that fraudulently activate subscriptions, and installing programs that direct Internet traffic through specific channels. These activities allow attackers to generate illicit profits by opening and clicking on ads in the background, without the user knowing.
Specifically, in the case of Wuta Camera and Max Browser, Necro made money for its operators by automating ad clicking processes, allowing attackers to profit from fraudulent ad interactions.
Google’s response
Google acknowledged the presence of Necro in Play Store apps and revealed that more than 11 million users had been affected. In a statement to BleepingComputer, a Google spokesperson confirmed that all identified malicious apps had been removed from the Play Store prior to the publication of Kaspersky’s report. However, due to the prevalence of third-party app stores and modified versions, the total number of infected devices is likely to be much higher.
Risks for users
Necro malware poses significant risks to users by compromising device security, installing adware, and causing potential data breaches or financial losses due to fraudulent subscriptions. Users are advised to avoid downloading apps from unofficial sources and regularly update their devices to reduce exposure to these types of threats.