• Home
  • Apps
  • Apps News
  • Necro Trojan Detected in Google Play Apps and Modded Versions of Spotify, WhatsApp

Necro Trojan Detected in Google Play Apps and Modded Versions of Spotify, WhatsApp

The Necro trojan malware was spotted in two apps on the Google Play store that have since been taken down by the company.

Necro Trojan Detected in Google Play Apps and Modded Versions of Spotify, WhatsApp

Photo Credit: Pixabay/ @neotam

Researchers found that the malware is targeting users in Russia, Brazil, Vietnam, Ecuador, and Mexico

Highlights
  • The Necro trojan was also found in modded APKs of popular apps
  • In one app, researchers found the payload was spread via an image module
  • Similar malware was found in the CamScanner app in Google Play in 2019
Advertisement

Some Google Play apps and unofficial mods of popular apps are being targeted by attackers to spread a dangerous malware, according to security researchers. The purported Necro trojan is capable of logging keystrokes, stealing sensitive information, installing additional malware, and remote execution of commands. Two apps in the Google Play app store have been spotted with this malware. Further, modded (modified) Android application packages (APKs) of apps such as Spotify, WhatsApp, and games like Minecraft were also detected distributing the trojan.

Google Play Apps, Modded APKs Used to Spread Necro Trojan

The first time a trojan from the Necro family was spotted was in 2019 when the malware infected the popular PDF maker app CamScanner. The official version of the app in Google Play with more than 100 million downloads posted a risk to users, but a security patch fixed the issue at the time.

According to a post by Kaspersky researchers, a new version of the Necro trojan has now been spotted in two Google Play apps. The first is the Wuta Camera app which has been downloaded more than 10 million times, and the second is Max Browser with more than a million downloads. The researchers have confirmed that Google took down the infected apps after Kaspersky reached out to the company.

The main issue stems from a large number of unofficial 'modded' versions of popular apps, which are found hosted on a large number of third-party websites. Users can mistakenly download and install them on their Android devices, infecting them in the process. Some of the APKs with the malware spotted by researchers include modified versions of Spotify, WhatsApp, Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox — these modded versions promise users access to features that typically require a paid subscription.

Interestingly, it appears the attackers are using a range of methods to target users. For instance, the Spotify mod contained an SDK which displayed multiple advertising modules, as per the researchers. A command-and-control (C&C) server was being used to deploy the trojan payload if the user accidentally touched the image-based module.

Similarly, in the WhatsApp mod, it was found that the attackers had overwritten Google's Firebase Remote Config cloud service to use it as the C&C server. Ultimately, interacting with the module would deploy and execute the same payload.

Once deployed, the malware could “download executable files, install third-party applications, and open arbitrary links in invisible WebView windows to execute JavaScript code,” highlighted the Kaspersky post. Further, it could also subscribe to expensive paid services without the user knowing.

While the apps in Google Play have already been taken down, users are urged to be careful while downloading Android apps from third-party sources. In case they do not trust the marketplace, they should refrain from downloading or installing any app or files.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Akash Dutta
Akash Dutta is a Senior Sub Editor at Gadgets 360. He is particularly interested in the social impact of technological developments and loves reading about emerging fields such as AI, metaverse, and fediverse. In his free time, he can be seen supporting his favourite football club - Chelsea, watching movies and anime, and sharing passionate opinions on food. More
Nothing Ear Open With ChatGPT Integration, Up to 8 Hours of Music Playback Launched in India
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »