Necro Trojan infects Android apps again – also in Google Play
Android apps, some of which have millions of installations, have malicious code in them. Google has now removed one app; users should do the same.
(Image: Skorzewiak/Shutterstock.com)
The Trojan, dubbed Necro, is once again targeting apps on Google Play and in third-party app stores. Among other things, the malware displays advertising and spies on devices.
As security researchers from Kaspersky explain in a report, they came across the Trojan back in 2019. According to their own information, they have now discovered a new version that is better able to disguise itself from detection by protective measures. The malicious code is said to use steganography to hide in the code of apps that appear legitimate.
Millions of installations
The researchers claim to have discovered the malware on Google Play in the apps "Wuta Camera Nice Shot Always" (10+ million downloads) and "Max Browser-Private & Security" (1+ million downloads). The latter app is said to have been infected since version 1.2.0. Google has since removed the application from its own app store. Users who still have the app installed should delete it as soon as possible.
Wuta Camera Nice Shot Always is still available in the app store and the developers claim to have removed the Trojan from version 6.3.7.138 onwards. Accordingly, users should check whether they have already installed a clean version. It is not yet clear how the malicious code got into the app.
In their report, the researchers explain how malware works. The majority of victims are said to come from Russia. However, necro activities have also been observed in Germany.
Further sources
In addition to Google Play, the malware has infected "GBWhatsApp", "FMWhatsApp" and "Spotify Plus". Malware often has an easier time in third-party app stores than on Google Play, as Google has tightened its controls from time to time to make it as difficult as possible for malware to enter the store. However, as examples from the recent past and this current case show, it still happens regularly.
Empfohlener redaktioneller Inhalt
Mit Ihrer Zustimmmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.
Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.
(des)
