New Variant of Necro Trojan Infects Google Play Apps

A major cybersecurity breach has been uncovered as two highly popular apps from the Google Play Store have been found to be infected with a new variant of the Necro trojan, Security Week is reporting.

According to anti-malware company Kaspersky, these infected Google Play apps have already been downloaded over 11 million times. The Necro trojan, first discovered in 2019, made headlines when it infected the CamScanner app, which boasted over 100 million downloads at the time.

The two newly discovered trojan-infected apps are Wuta Camera, with over 10 million downloads, and Max Browser, which has been downloaded more than 1 million times.

While both these apps have been removed from the Google Play Store following Kaspersky’s report, the damage to users who had already installed them remains a concern. It is believed that this latest variant of Necro has been spreading not just through the official app store but also through unofficial mods of apps like Spotify and WhatsApp.

Necro is a multi-stage malware loader, designed to quietly infiltrate devices and execute various malicious activities. It collects and transmits sensitive device and app data to a server. This server then sends back a malicious payload hidden within an image file, which allows further exploitation of the infected device.

Once installed on a victim’s device, the Necro trojan can carry out a wide range of harmful actions. Kaspersky experts noted that this version of Necro has the ability to download modules that display ads in invisible windows, click on those ads, and generate revenue for the attackers without the user’s knowledge.

More worryingly, the malware is capable of subscribing users to paid services without their consent, racking up charges for services they never intended to use.

SecurityWeek has reached out to Google for a statement regarding the Necro trojan’s infiltration of Google Play, but as of now, the company has yet to respond..