Necro malware infects 11 million Android phones via the Play Store

Security malware image 83948938439

Google has been continuously working to make Android a secure OS for everyone out there. With several layers of security in place these days, bad actors often find it hard to do any damage to Android phone users these days. That said, not all apps including those listed in the Google Play Store are secure. Yes, you read that right. A newly discovered version of Necro Trojan malware has reportedly infected some Android apps listed on the Google Play Store.

On top of that, the report claims that some popular modded games and apps such as WhatsApp and Spotify also contain this malware. So, if you often side-load modded apps and games from unknown websites, you need to be extra careful. We’ll discuss the findings later, but first, let me walk you through what exactly is Necro Malware.

Kaspersky says Necro Trojan malware is back and has infected millions of Android phones

The Necro Trojan malware was first discovered in 2019 by security researchers at Kaspersky. The Necro malware seems to have returned on many Android phones. Now, you must be wondering how it spreads. Once a user installs an infected app, Necro downloads additional payloads and uses steganography to hide payloads using another message which results in displaying ads in invisible windows.

This practice generates cash for the attackers while giving you a hard time by affecting your Android phone’s battery life and performance. In addition, it can also sign up the infected phone to pay for subscription services. Worth noting that these Necro payloads can also download arbitrary JavaScript and DEX files with the ability to execute them.

Last month, researchers from Kaspersky came across a Necro malware-infected modded Android app called Spotify Plus (version 18.9.40.5) which users could download from a website flagged dangerous by the security firm. The website which claims to be genuine stated that the app was safe, certified, and had many features that are not available on the official Spotify app.

Necro malware infected modded Spotify app
Image credit: Kaspersky

The malware also infected some apps from the Google Play Store

Additionally, researchers found that some Android apps with 11 million combined downloads on the Google Play Store were infected with Necro Trojan malware. One such app is the Wuta Camera app which had 10 million downloads alone. The Max Browser was another app with over 1 million downloads that had Necro malware. According to the findings, the app has been infected with the malware since the rollout of version 12.0.

Fortunately, Google has removed both the apps from the Google Play Store. However, if you had previously installed it, make sure to remove it as soon as possible. Besides, a modified version of WhatsApp with the same package name in the Play Store contained the Necro loader too. Researchers have also found the Necro malware in other modded gaming Android apps including Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox.

The security firm further speculates that the number of infected devices could be much more than what it has estimated. That’s because tech-savvy users generally install modded apps from unverified sources. This makes it quite hard to track the number of downloads. Moreover, it mentions that the Necro attack has mostly affected Android phone users in Russia, Brazil, and Vietnam. You can check the apps including their version in the image below so that you can remove them immediately.

Necro Malware infected Android apps list

The post Necro malware infects 11 million Android phones via the Play Store appeared first on Android Headlines.