The Resurgence of the Necro Trojan
Android users are once again facing a significant threat from a dangerous trojan known as Necro. Cybersecurity firm Kaspersky reports that the trojan, first discovered in 2019, has resurfaced and infected at least 11 million devices. The trojan is now being distributed via official apps on the Google Play Store, unofficial versions of popular apps, and Android game mods.
How the Necro Trojan Operates
Once installed on an Android device, Necro downloads additional payloads that activate a variety of malicious plugins. From adware to subscription fraud to using infected devices as proxies to send malicious traffic, this malware is highly versatile due to these plugins. Here’s what you need to know about the Necro trojan and how it can infect your smartphone, along with some tips on how to protect yourself from Android malware.
The Trojan Lurks in Official and Unofficial Apps
Even if you download a legitimate app from the Play Store, there’s still a chance it could be malicious as good apps can become compromised due to hackers. This appears to be the case with the Necro trojan, which was installed through malicious advertising software development kits (SDK).
Infected Apps: Wuta Camera and Max Browser
The first and most downloaded app on the Play Store to be infected is Wuta Camera, an app that lets you take pictures, touch them up, and add effects. This app alone was downloaded 10 million times. The Necro trojan was added to version 6.3.2.148 of Wuta Camera. However, versions starting from 6.3.7.138 no longer contain the trojan. This means if you’re using an older version of this app, you need to update it immediately.
The next official app infected with the Necro trojan is a web browser called Max Browser, which has one million downloads. The trojan was added to its code in version 1.2.0, but the app was removed from the Play Store after Kaspersky informed Google that it had become malicious. However, it’s still available on third-party app stores, so it’s best to avoid downloading Max Browser for now.
Necro Trojan Found in Modified Spotify Plus App
Kaspersky also discovered the Necro trojan in a modified version of the Spotify Plus app. Users were invited to download a new version of the app from an unofficial source. However, unlike with the official Spotify app, this version was free and came with an unlocked subscription. This should have been a warning sign, but some unsuspecting users decided to download and install it, leading to their phones being infected with the Necro trojan.
Game Mods: A Breeding Ground for the Necro Trojan
Kaspersky found the Necro trojan lurking in mods for WhatsApp, Minecraft, and other popular games including Stumble Guys, Car Parking Multiplayer, and Melon Sandbox. Hackers often use mods to popular games as a lure, so it’s recommended to avoid modding mobile games altogether.
How to Protect Yourself from Android Malware
The first and most crucial step in avoiding malware-filled apps is to refrain from downloading apps from unofficial sources. Sideloading apps may be easy and convenient, but it can also be extremely risky. Stick to official app stores like the Google Play Store, Samsung Galaxy Store, and the Amazon App Store.
Ensure that Google Play Protect, which comes pre-installed, is enabled on your Android smartphone. This app scans all new apps as well as your existing ones for malware and other threats. For even more protection, consider using one of the top Android antivirus apps.
Even when downloading apps from the Play Store or other official app stores, check their ratings and reviews first. As these can be faked, it’s always a good idea to look for a video review online before downloading an app.
Despite Google’s efforts to eliminate malicious apps from the Play Store, they still manage to slip through the cracks from time to time. This is why it’s a good idea to limit the number of apps on your phone overall.