In a concerning development, a new malware named Necro Trojan has infected millions of Android devices through compromised advertising SDKs. The malware was discovered in two Google Play Store apps, Wuta Camera and Max Browser, which have a combined total of over 11 million downloads. Researchers report that Necro Trojan’s presence extends to modified versions of popular apps like WhatsApp, Spotify, and Minecraft.
These modified apps are typically distributed through unofficial websites and app stores. The Trojan primarily installs adware on infected devices. It loads websites through invisible WebView windows to generate ad revenue for the attackers.
Additionally, it can download and execute arbitrary code, facilitate subscription fraud, and route malicious traffic to obscure its source. Google is aware of the issue and is investigating the Trojan and the apps containing it. Users are advised to uninstall the infected apps immediately and run a safety check using a reputable antivirus program.
Although there is no evidence that the Trojan compromises user accounts, changing important passwords is recommended as a precaution. Play Protect, a feature of the Google Play Store, helps users by running safety checks on apps before installation and scanning devices for harmful apps post-installation. Users are encouraged to ensure Play Protect is enabled, which is the default setting.
To check or enable Play Protect:
1.
Necro Trojan affects Android devices
Open the Google Play Store.
2. Tap on your profile icon at the top right. 3.
Select “Play Protect” and ensure it is active. In light of this development, Android users should be more vigilant about the apps they download. They should consider regular device scans to maintain cybersecurity.
To stay safe, users should follow these guidelines:
– Stick to official app stores and never use third-party sources or change your device’s security settings for an app. – Check the developer in the app’s description and the app reviews to ensure legitimacy. – Do not grant unnecessary permissions to an app, especially device control through Accessibility services.
– Regularly review and delete unused apps on your phone. – Verify the legitimacy of apps that link to established apps like WhatsApp by checking reviews and online write-ups. Google continues to recommend using the Play Store and ensuring that Play Protect is enabled on your device.
This defense mechanism will protect against future threats once they are identified.
