New Version of Necro Trojan Infects 11 Million Android Devices

Sophia Taylor

By Sophia Taylor

Published:

A dangerous new version of the Necro Trojan has surfaced, infecting millions of Android devices through both official and unofficial app stores. According to recent research, the malware has infiltrated popular apps like Wuta Camera and Max Browser, causing serious security concerns for users worldwide.

The Necro Trojan is known for its ability to hide within seemingly safe apps, even those available on Google Play. This malware can perform a range of malicious activities, including displaying intrusive ads, downloading and running unauthorized files, and modifying URLs.

Its most troubling feature is that it can operate in the background without the user’s knowledge, using advanced techniques like obfuscation and steganography to avoid detection.

In late August 2024, the Necro Trojan was found in both official apps, like Wuta Camera and Max Browser, and in modified versions of popular apps like Spotify and Minecraft, downloaded from unofficial sources. Collectively, these infected apps reached more than 11 million Android devices, making it one of the most widespread Android malware threats in recent years.

Fig 1: Max Browser app in Google Play. Source: Kaspersky

Kaspersky, a leading cybersecurity company, first discovered the malware while investigating a modified version of Spotify known as Spotify Plus. This mod promised users additional features but was secretly designed to steal sensitive data by communicating with a hacker-controlled server.

Necro uses a technique called steganography, where malicious commands are hidden within images that the app downloads, which are then decoded and executed on the user’s device.

Necro’s infiltration of Google Play is particularly alarming, as users often assume apps from official sources are safe. In this case, Google has removed the infected versions of Wuta Camera and Max Browser after being alerted, but not before the malware had spread to millions of users.

Fig 2: Necro attacks by country. Source: Kaspersky

This isn’t the first time Necro has appeared in the Google Play Store. Back in 2019, a similar variant was found in the CamScanner app, which had over 100 million downloads at the time.

Like its previous version, the latest Necro malware can display invisible ads, interact with them without user consent, and even install other malicious applications.

Users are advised to update any potentially infected apps or delete them if no clean version is available. It is also crucial to download apps only from trusted sources and to use a reliable mobile security solution to detect and prevent malware infections.

With the increasing sophistication of threats like Necro, protecting your device from malware is more important than ever.

Need mobile malware protection?

Get Certo Mobile Security for FREE on Android and iPhone now. Protect your device from trojans, spyware, viruses and more.