In a startling revelation, Kaspersky has identified a new variant of the Necro Trojan that has infiltrated popular apps on Google Play, affecting up to 11 million users.
This Android downloader, capable of executing malicious commands, was found in modified versions of well-known applications such as Spotify, WhatsApp, and Minecraft.
Kaspersky’s analysis indicates that the Trojan targets users across multiple countries, including Russia, Brazil, Vietnam, Ecuador, and Mexico.
The capabilities of this variant are particularly concerning. It can display ads in hidden windows, install unauthorized applications, and execute JavaScript code without user consent.
Moreover, the Trojan may subscribe victims to paid services and redirect internet traffic through compromised devices.
The initial discovery of Necro occurred in a modified version of Spotify Plus, which falsely claimed to offer enhanced features.
Subsequent investigations revealed its presence in altered versions of WhatsApp and popular games like Minecraft and Stumble Guys.
On Google Play, the malicious downloader was embedded in the Wuta Camera app and Max Browser, both of which have collectively amassed over 11 million downloads.
Following Kaspersky’s alert, Google removed the malicious code from Wuta Camera and took down Max Browser from its store.
However, users remain at risk from unofficial platforms where these dangerous modifications persist.
Dmitry Kalinin, a cybersecurity expert at Kaspersky, warns that cybercriminals exploit users’ tendencies to download unofficial apps to bypass restrictions.
He notes that the Necro Trojan employs advanced steganography techniques to conceal its payload within images, making detection challenging.
To safeguard against such threats, Kaspersky advises downloading apps solely from official sources and regularly updating software.
To learn more about Necro Trojan, visit Securelist.com.
Leave a Reply