In a recent SecureList report by Kaspersky, cybersecurity researchers discovered a new Necro malware that has been infiltrating various apps from Google Play Store and other unofficial sources.
The new malware has affected over 11 million users through malicious SDK supply chain attacks using compromised advertising SDKs, while its previous attack in 2019 affected over 100 million users.
The recent version of Trojan malware was found on two Play Store apps, Benqu’s Wuta Camera and Max Browser.
The former had over 10 million downloads, containing the Necro Trojan from version 6.3.2.148 (July 18) through version 6.3.6.148 (August 20). The latter had 1 million downloads but has been removed from the Play Store, while its latest version 1.2.0 still houses the malware
Necro has also been found on many modified versions of some popular apps, such as WhatsApp, Spotify, and Minecraft, which are often distributed through unofficial sources.
Trojan installs adware on your device and loads websites through invisible WebView windows, gathering ad revenue for the attacker using your device. It can also download and execute arbitrary code on the infected device, allow subscription fraud, and route malicious traffic using advanced obfuscation techniques
After these reports, Google Play Store immediately took action and reported, “All of the malicious versions of the apps identified by this report were removed from Google Play prior to report publication.”
Following this incident, users are urged to avoid downloading apps from unofficial sources and make sure their devices are updated with security solutions.
If you have accidentally installed an infected app, update it to a version where it’s not infected, delete the app, and scan your device with a credible antivirus for any remnants. It is also recommended to change your passwords, even if there is no inkling of manipulation with any login credentials.
