Necro Trojan Found in Google Play Apps and Modified Versions of Spotify, WhatsApp

Necro Trojan Malware Detected in Two Google Play Store Apps, Both Now Removed

Necro Trojan Resurfaces in Google Play Apps and Modded APKs

Security researchers have raised alarms over the reappearance of the dangerous Necro trojan in Google Play apps and unofficial mods of popular apps. The malware, which is capable of stealing sensitive information, logging keystrokes, and even executing commands remotely, has been found in two apps on the Google Play store, both of which have since been taken down. Furthermore, modded versions of widely used apps like Spotify, WhatsApp, and games like Minecraft have also been identified as carriers of this malware.

Google Play Apps and Modded APKs Distributing Necro Trojan The Necro trojan was first discovered in 2019 when it infected the CamScanner app, a popular PDF-making tool. The infection led to the removal of the app from Google Play, though it was reinstated after the developers addressed the security concerns. However, the Necro trojan has evolved over the years, with a new variant surfacing recently.

According to researchers from Kaspersky, this latest version of Necro was detected in two highly popular Google Play apps. The first, Wuta Camera, had been downloaded over 10 million times, while the second, Max Browser, had accumulated more than one million downloads. After being alerted, Google quickly removed both apps from the Play Store to prevent further damage.

Necro Trojan in Modded APKs Aside from official apps, Necro has also been spreading through modded APKs—unofficial modified versions of applications. These APKs often promise premium features for free, attracting users looking for ways to bypass paywalls in apps like Spotify or WhatsApp. Unfortunately, these modified versions can come with serious risks, including the inclusion of malware like the Necro trojan.

Key Risks Posed by the Necro Trojan The Necro trojan is especially dangerous because of its multifaceted capabilities. Once installed on a device, it can log users’ keystrokes, potentially capturing passwords and personal information. It can also install additional malware, giving attackers even more control over the device. In some cases, Necro can enable remote command execution, allowing cybercriminals to carry out harmful activities from afar.

How to Protect Against the Necro Trojan To avoid falling victim to the Necro trojan or similar malware, users should be cautious when downloading apps. Sticking to official app stores like Google Play is generally recommended, but even then, users need to verify the credibility of apps. Apps with abnormally high download numbers and little user feedback may be suspicious. Additionally, downloading APKs from unofficial sources should be avoided, as these are frequent targets for malicious actors.

Ongoing Monitoring of Necro Trojan The rapid removal of the infected apps highlights the importance of vigilance in the face of growing cybersecurity threats. Google and other app platforms are continually monitoring for malware like Necro, but users must also take proactive steps to protect their devices. By staying informed and cautious, the risk of falling victim to such malware can be minimized.