Android users, beware: malicious apps are still making their way onto the Google Play Store. The most recent discovery involves two Play Store apps containing a malware Trojan called Necro, which has affected over 11 million devices. Shockingly, this Trojan has also been found in unofficial apps, making the number of victims much higher.
The Necro Trojan: A Growing Threat
Researchers from Kaspersky recently unveiled that the Necro Trojan had become the new version, targeting Android users through two major channels, including:
Legitimate Apps on the Google Play Store
Some legitimate apps, published on the Play Store, were infected with the Necro Trojan. Therefore, innocent persons could readily have installed those apps without knowing, thus infecting their devices.
Unofficial Apps
The Trojan was also found in modified versions of popular apps like Spotify and Minecraft. Especially risky are users who sideload these modified applications—meaning that they download them from outside the Google Play Store. Such include “custom” versions of applications like Spotify and WhatsApp.
The Dangers of Modified Apps
One of the very first applications Kaspersky tested was a hacked version of the music streaming service, Spotify. “Spotify Plus” boasted free versions of Spotify Premium features and touted being “Security Verified.” But Kaspersky discovered the information was fake and that the application was actually infested with the Necro Trojan.
The Trojan was also found in unofficial versions of WhatsApp, specifically in “GBWhatsApp” and “FMWhatsApp,” which are popular alternatives for users seeking additional features not present in the original app.
In addition, Necro was detected in a variety of game mods, including modified versions of:
- Minecraft
- Stumble Guys
- Car Parking Multiplayer
- Melon Sandbox
Kaspersky emphasized that it’s difficult to determine exactly how many users were affected by these unofficial apps, since the downloads were not tracked in the same way as those from the Play Store.
The Impact of Trojan-Infected Play Store Apps
In the Google Play Store, Kaspersky, the well-known security firm, discovered more than 11 million Android devices were infected by the Necro Trojan through applications. The highest number of victims was caused by Wuta Camera, which was downloaded more than 10 million times. Initially, the application had no malware until version 6.3.2.148 introduced the Trojan. Fortunately, the infected version has already been removed from the store, and it can be safely downloaded.
Another app that was infected with a Trojan: Max Browser that downloaded over a million times. This time, Google had to pull the entire app from the Play Store, without any mercy. The first version that has an infection is version 1.2.0.
What the Necro Trojan Does
Once the Necro Trojan infects your device, it can perform a range of malicious activities, which may include:
- It will Activate adware that opens various spammy links using hidden windows.
- It may run several scripts that focus on extracting money from you or might run a cryptocurrency mining tool.
- May Enroll your device in unauthorised subscription plans without your consent.
- Can act as a proxy for routing malicious traffic through your phone, making your device a part of the botnet.
There could be various ways the malware can damage you and your device, such as showing ads, using the device’s CPU power for mining cryptocurrency, running malicious script in background that can extract financial information and much more.
How to Protect Your Device
To ensure that your device is Trojan-free with malware, follow these steps:
- Scan your Android phone for the Play Store apps above. If you have Wuta Camera then, do update it immediately so you can get hold of the latest, safe version. In the case of Max Browser, you would delete it on your mobile because there is no safe version available.
- Avoid Modified Apps
Remove any of the changed apps that you have that feature in this post, including Spotify Plus, GBWhatsApp, FMWhatsApp, or any of the game mods. These apps are illegal and present an imminent security threat. - Be Careful About Sideloading
On the other hand, while sideloading might get you features that aren’t on the Play Store, it’s quite a high-risk operation. Without Google checking for malware, these applications may carry something nefarious-sounding. Where possible, use apps on the Play Store to minimize your risk.
Check out Tech Insights for more such interesting content.
