Around 11 million Android users have been impacted by a new version of the Necro malware, delivered through malicious SDK supply chain attacks and modded versions of apps and games. As per a report by Securelist, Kaspersky spotted a new version of Necro Loader last month, and the same version has now been spotted in modded versions of some apps on the Google Play store.
According to reports, the Necro trojan was deployed through various methods, including legitimate applications, game mods, and even modded versions of Minecraft, Spotify, and WhatsApp.
What Does the Necro Trojan Do?
After installation, Necro deploys multiple payloads and activates several malicious plugins. These plugins operate adware on your device through hidden windows, execute various scripts, launch programs that unlawfully activate subscriptions, and reroute internet traffic.
In the case of Wuta Camera and Max Browser, Necro generates revenue for the attacker by automatically opening and clicking on ads in the background.
How Does It Spread?
The Necro trojan was discovered on Google Play integrated into two applications: Wuta Camera by 'Benqu' and Max Browser by 'WA message recover-wamr,' both of which have accumulated over a million downloads. Although a newer version of Wuta Camera has eliminated the malware, Kaspersky indicates that the latest iteration of Max Browser still contains it. Beyond the Play Store, the primary distribution method for the Necro trojan involves modified versions of apps and games that purport to offer additional features absent in the official versions.
Notable examples include modified apps like Spotify Plus and GBWhatsApp, along with FBWhatsApp. In terms of mobile games, the report highlights modded versions of popular titles such as Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox. While Google has reported at least 11 million infected users, the trojan may have affected millions more, as tracking downloads from unofficial sources and third-party app stores is virtually impossible.
A Google spokesperson in a statement to Bleeping Computer said, “All of the malicious versions of the apps identified by this report were removed from Google Play prior to report publication.”
How To Safeguard Yourself From This Malware?
To protect yourself from the Necro mobile trojan, it’s essential to avoid downloading any dubious APKs from outside the Play Store.
When obtaining apps from legitimate sources like Aptoide or Google Play, be sure to read the reviews first to confirm that the app actually delivers the features it promises.