Necro Trojan Targets Google Play Apps, Potentially Compromising Millions of Devices

Kaspersky reported on Monday that they discovered the presence of Necro loader on two apps on Google Play, both of which have a substantial userbase.

This multi-stage loader is known for its ability to infiltrate popular applications and execute malicious payloads, potentially compromising the security of sensitive personal data.

According to Google Play data reported by Kaspersky, the infected applications could have been downloaded over 11 million times.

However, the actual number of infected devices might be much higher, considering that the Trojan also infiltrated modified versions of popular apps distributed through unofficial sources, the report notes.

The Necro Trojan is known to target a wide range of popular apps, including CamScanner and Spotify. By injecting malicious code into these apps’ APK files, the malware can gain access to a device and perform a variety of harmful actions, as noted by Kaspersky.

One common tactic is to display intrusive advertisements, bombarding users with unwanted ads that can disrupt their experience and potentially expose them to malicious content.

Kaspersky explains that to avoid detection, the Necro Trojan employs techniques such as steganography, which involves hiding information within other data. This makes it difficult for traditional antivirus software to identify and block the malware.

Additionally the report notes that the Necro Trojan can download and execute arbitrary files from remote servers, potentially installing additional malware or compromising the device’s security.

Another dangerous capability is its ability to install other malicious applications without the user’s knowledge or consent, further compromising the device’s security.

Furthermore, the malware can subscribe to premium services without the user’s authorization, resulting in unexpected charges and financial losses.

The Kaspersky report urges Android users to exercise caution when downloading and installing applications from third-party sources. It is recommended to stick to official app stores like the Google Play Store and avoid downloading apps from unofficial marketplaces or websites.

Additionally, users should be wary of granting excessive permissions to apps and keep their devices and apps updated with the latest security patches.