Cyber Security

Necro Trojan Strikes Google Play, Exposing 11 Million Users, Reports Kaspersky

96
(source: Securelist, Kaspersky)

Kaspersky identified a new version of the Necro Trojan that had infiltrated several popular applications on Google Play and modified applications on unofficial platforms.

Necro is an Android downloader that downloads and runs other malicious components on infected devices. An example of malicious components is the ability to display ads in hidden windows or install apps. The Trojan is also capable of subscribing users to paid services and redirecting internet traffic through the victim’s device, potentially turning it into a proxy botnet for cybercriminals.

“Users often download unofficial, modified apps to bypass restrictions in official applications or to access additional free features. Cybercriminals exploit this behavior, spreading malware with these apps as there is no moderation on third-party platforms,” comments Dmitry Kalinin, cybersecurity expert at Kaspersky.

Based on anonymized statistics of Kaspersky’s solutions from August 26 to September 15, Necro attacks target users in Russia, Brazil, Vietnam, Ecuador, and Mexico as part of this malicious campaign.

Kaspersky experts discovered the Trojan in a modified version of Spotify Plus. They also found it in a modified version of WhatsApp, followed by infected versions of popular games, including Minecraft, Stumble Guys, and Car Parking Multiplayer. Necro was embedded into these applications via an unverified ad module.

Other infected apps include ones in Google Play, such as the Wuta Camera app and Max Browser, which have combined downloads of over 11 million. Fortunately, the malicious code was removed from Wuta Camera, and Max Browser was taken down from the store after the Kaspersky Lab’s report to Google. However, users still risk encountering Necro on unofficial platforms.

To protect against this and other Android cyber threats, Kaspersky experts also recommend:

  • Download apps only from official sources;
  • Regularly update their operating system and installed applications;
  • Use a reliable security solution from a trusted manufacturer whose products are verified by independent test labs, such as Kaspersky Premium.

Kaspersky’s security solutions protect against Necro and detect the downloader as Trojan-Downloader.AndroidOS.Necro.f and Trojan-Downloader.AndroidOS.Necro.h, with the malicious components identified as Trojan.AndroidOS.Necro. To learn more about this Trojan, visit Securelist.com.

Written by
Tech Beat Philippines

Tech Beat Philippines is the social media news platform for all things technology. It is also a part of the GEARS section on Daddy's Day Out.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Daddy’s Day Out is a platform that celebrates modern masculinity and offers a space where men can unite, learn, and grow together. It fosters a community where authenticity, support, and self-expression thrive unapologetically.

Related Articles

Kaspersky Cybersecurity Products Dominate 2024 Performance Rankings

Kaspersky continues to set the standard for excellence in cybersecurity. Throughout all...

Filipinos Must Stay Alert Amid Holiday Cybercrime Surge, Advises Kaspersky

As the holiday season approaches, many Filipinos are shopping online, exchanging gifts,...

Kaspersky Named Leader for its Managed Security Services and Incident Response

Kaspersky has been recognized as a technology leader in the 2024 Quadrant...

Businesses in Southeast Asia Face Over 23 Million Bruteforce Attacks in 2024, Reports Kaspersky

Kaspersky reported a massive record of over 23M bruteforce attacks targeting businesses...