A new version of the Necro malware has reportedly affected more than 11 million Android users via malicious SDK supply chain attacks and modded versions of apps and games.
According to a recent report by Securelist, a new version of the Necro loader discovered last month by Kaspersky was spotted in modded versions of apps as well as in some apps on the Google Play Store.
The Necro trojan was installed via several methods, including legitimate apps, game mods, and modded versions of popular apps like Minecraft, Spotify and WhatsApp.
On Google Play, the Necro trojan was found embedded in two apps: Wuta Camera by ‘Benqu’ and Max Browser by ‘WA message recover-wamr’, both of which have more than a million downloads.
While a new version of Wuta Camera removed the malware, Kaspersky says the latest version of Max Browser still carries the malware.
Outside of the Play Store, the Necro trojan’s primary method of distribution is via modified versions of apps and games that claim to offer additional features that the official apps lack.
Examples include modded versions of Spotify and WhatsApp named Spotify Plus, GBWhatsApp and FBWhatsApp. As for mobile games, the report mentioned modded versions of Minecraft, Stumble Guys, Car Parking Multiplayer and Melon Sandbox.
While Google has revealed that the number of infected users is at least 11 million, the trojan might have impacted millions more, as there is no way to track app downloads from unofficial sources and third-party app stores.
In a statement to Bleeping Computer, a Google spokesperson said that “All of the malicious versions of the apps identified by this report were removed from Google Play prior to report publication.”
Once installed, Necro installs several payloads and activates a number of harmful plugins. These plugins run adware on your device in invisible windows, run various scripts, execute programs that fraudulently activate subscriptions, and route traffic.
As for Wuta Camera and Max Browser, Necro generated money for the attacker by opening and clicking on advertisements in the background.
To keep yourself safe from the Necro mobile trojan, do not download suspicious APKs from outside the Play Store. Even if you are downloading apps from official sources like Aptoide and the Google Play Store, check the reviews to see whether the app actually offers the features it claims.