Dhaka,  Tuesday
05 November 2024

Kaspersky reports Necro Trojan sneaks into Google Play with up to 11 million victims

Messenger Online

Published: 18:51, 3 October 2024

Kaspersky reports Necro Trojan sneaks into Google Play with up to 11 million victims

Photo : Courtesy

In late August 2024, Kaspersky experts identified a new version of the Necro Trojan, infiltrating popular apps like Spotify, WhatsApp, and Minecraft on unofficial platforms, and Wuta Camera and Max Browser on Google Play. Necro, an Android downloader, installs additional malicious components that can display invisible ads, install third-party apps, open arbitrary links, and potentially subscribe users to paid services.

The Tr;ojan also enables attackers to redirect internet traffic through infected devices, potentially using them as part of a proxy botnet. Initially discovered in a modified Spotify Plus app, Necro was later found in other apps through unverified ad modules. Kaspersky recorded attacks targeting users in Russia, Brazil, Vietnam, Ecuador, and Mexico. After Kaspersky's report, Google removed the malicious code from Google Play, but risks remain on unofficial platforms.

“Users often download unofficial, modified apps to bypass restrictions in official applications or to access additional free features. Cybercriminals exploit this behaviour, spreading malware with these apps as there is no moderation on third-party platforms,” comments Dmitry Kalinin, a cybersecurity expert at Kaspersky. “It is also noteworthy that the version of Necro embedded in these applications used steganography techniques, hiding its payload within images to remain undetected – a very rare method for mobile malware.”

Kaspersky’s security solutions protect against Necro and detect the downloader as a Trojan-Downloader.AndroidOS.Necro.f and Trojan-Downloader.AndroidOS.Necro.h, with the malicious components identified as Trojan.AndroidOS.Necro. To learn more about Necro Trojan, visit Securelist.com.

To protect against this and other Android cyber threats, Kaspersky experts also recommend to download apps only from official sources, regularly update their operating system and installed applications, and use a reliable security solution from a trusted manufacturer whose products are verified by independent test labs, such as Kaspersky Premium.

This article is written with the data based on anonymized statistics of Kaspersky solutions for August 26 - September 15, 2024.

Messenger/Sajib