A new Android malware called the Necro Trojan has been discovered, putting millions of devices at risk. This malicious software has infiltrated popular apps through compromised advertising SDKs, highlighting the growing threat of supply chain attacks in the mobile ecosystem.
The Necro Trojan’s Reach
Two apps on the Google Play Store were found to contain this malware. Wuta Camera, developed by Benqu, has over 10 million downloads and was affected from mid-July to late August this year. The other app, Max Browser, had over a million downloads before its removal from the store, but its latest version still harbors the malware.
The reach of this Trojan extends beyond official app stores. Modified versions of popular apps like WhatsApp, Spotify, and Minecraft, distributed through unofficial channels, have also been found to contain the Necro Trojan.
Impact on Infected Devices
Once installed, the Necro Trojan primarily affects devices by installing adware. This malicious software loads websites through invisible WebView windows, generating ad revenue for the attackers at the expense of unsuspecting users. Additionally, the Trojan can download and run arbitrary code, facilitate subscription fraud, and route malicious traffic, making it difficult to trace its origin.
Protecting Your Device
Google is reportedly aware of this issue and investigating it. In the meantime, users should exercise caution when downloading apps. If you’ve installed either Wuta Camera or Max Browser, uninstall them immediately and run a scan with a reputable antivirus app. While there’s no evidence of account compromise, changing important passwords is advisable as a precautionary measure.
The Play Store’s Play Protect feature is crucial in defending against such threats. It scans apps before installation and can detect harmful apps post-installation. To ensure Play Protect is active on your device, open the Google Play Store, tap your profile icon, select Play Protect, then Settings, and enable “Scan apps with Play Protect.”
Read this also: Hackers Target Google Chrome: Is Your Browser Safe?
Sources: SecureList by Kaspersky, BleepingComputer
