The Necro Trojan infected 11 million Android devices – it was found in modifications of popular applications and even in the Google Play store, where two Necro-infected applications were identified, Kaspersky Lab reported.
Image source: Denny Müller / unsplash.com
Necro malware injects itself into applications via infected SDKs for software development. It is found in modified versions of popular apps, including Spotify, WhatsApp and Minecraft. Once launched, the Trojan infects systems with other malware: adware, fraudulent software, and tools that allow mobile devices to be used as proxy servers to carry out other attacks.
In the Google Play store, the Wuta Camera and Max Browser applications were infected with Necro. Wuta Camera has over 10 million installations; The Trojan contained version 6.3.2.148, and in more recent versions it has already been removed. But even after the Trojan is removed, the payload may remain on the devices of affected users – malicious applications installed with its help. Wuta Camera and Max Browser were infected via the Coral SDK advertising toolkit.
Since most of the applications infected by Necro are hacked or modified, it is recommended to use software only from official sources. Although there is always a possibility that they are also unsafe, if you remember the Wuta Camera application posted on Google Play, therefore it is recommended to install anti-virus software on gadgets.