Technology News
English Edition
  • Home
  • Apps
  • Apps News
  • Necro Trojan Detected in Google Play Apps and Modded Versions of Spotify, WhatsApp

Necro Trojan Detected in Google Play Apps and Modded Versions of Spotify, WhatsApp

The Necro trojan malware was spotted in two apps on the Google Play store that have since been taken down by the company.

Written by Akash Dutta, Edited by David Delima | Updated: 24 September 2024 20:06 IST
Necro Trojan Detected in Google Play Apps and Modded Versions of Spotify, WhatsApp

Photo Credit: Pixabay/ @neotam

Researchers found that the malware is targeting users in Russia, Brazil, Vietnam, Ecuador, and Mexico

Highlights
  • The Necro trojan was also found in modded APKs of popular apps
  • In one app, researchers found the payload was spread via an image module
  • Similar malware was found in the CamScanner app in Google Play in 2019
Advertisement

Some Google Play apps and unofficial mods of popular apps are being targeted by attackers to spread a dangerous malware, according to security researchers. The purported Necro trojan is capable of logging keystrokes, stealing sensitive information, installing additional malware, and remote execution of commands. Two apps in the Google Play app store have been spotted with this malware. Further, modded (modified) Android application packages (APKs) of apps such as Spotify, WhatsApp, and games like Minecraft were also detected distributing the trojan.

Google Play Apps, Modded APKs Used to Spread Necro Trojan

The first time a trojan from the Necro family was spotted was in 2019 when the malware infected the popular PDF maker app CamScanner. The official version of the app in Google Play with more than 100 million downloads posted a risk to users, but a security patch fixed the issue at the time.

According to a post by Kaspersky researchers, a new version of the Necro trojan has now been spotted in two Google Play apps. The first is the Wuta Camera app which has been downloaded more than 10 million times, and the second is Max Browser with more than a million downloads. The researchers have confirmed that Google took down the infected apps after Kaspersky reached out to the company.

The main issue stems from a large number of unofficial 'modded' versions of popular apps, which are found hosted on a large number of third-party websites. Users can mistakenly download and install them on their Android devices, infecting them in the process. Some of the APKs with the malware spotted by researchers include modified versions of Spotify, WhatsApp, Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox — these modded versions promise users access to features that typically require a paid subscription.

Interestingly, it appears the attackers are using a range of methods to target users. For instance, the Spotify mod contained an SDK which displayed multiple advertising modules, as per the researchers. A command-and-control (C&C) server was being used to deploy the trojan payload if the user accidentally touched the image-based module.

Similarly, in the WhatsApp mod, it was found that the attackers had overwritten Google's Firebase Remote Config cloud service to use it as the C&C server. Ultimately, interacting with the module would deploy and execute the same payload.

Once deployed, the malware could “download executable files, install third-party applications, and open arbitrary links in invisible WebView windows to execute JavaScript code,” highlighted the Kaspersky post. Further, it could also subscribe to expensive paid services without the user knowing.

While the apps in Google Play have already been taken down, users are urged to be careful while downloading Android apps from third-party sources. In case they do not trust the marketplace, they should refrain from downloading or installing any app or files.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Google Play, Google, Cybersecurity, Apps, Android
Akash Dutta
Akash Dutta
Akash Dutta is a Senior Sub Editor at Gadgets 360. He is particularly interested in the social impact of technological developments and loves reading about emerging fields such as AI, metaverse, and fediverse. In his free time, he can be seen supporting his favourite football club - Chelsea, watching movies and anime, and sharing passionate opinions on food. More
Nothing Ear Open With ChatGPT Integration, Up to 8 Hours of Music Playback Launched in India

Related Stories

Necro Trojan Detected in Google Play Apps and Modded Versions of Spotify, WhatsApp
Comment
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News
 
 

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Duolingo Will Let You Hone Your English on a 'Video Call' With a Chatbot
  2. Samsung Galaxy S25 Ultra Key Specifications Spotted on Geekbench
  3. iQOO Z9 Turbo+ With MediaTek Dimensity 9300+ SoC, 6,400mAh Battery Launched
  4. Here's How Much Storage You Need to Run Apple Intelligence on Your iPhone
  5. iQOO Neo 9 Pro, iQOO 12 5G, More Discounted at Amazon Great Indian Festival
  6. Redmi Note 14 Pro+ Chipset, Battery Confirmed; Note 14 Pro Features Leaked
#Latest Stories
  1. Duolingo Showcases Video Calls With AI Chatbot, Game-Like ‘Adventures’ Experience at Duocon 2024
  2. iQOO Z9 Turbo+ With MediaTek Dimensity 9300+ SoC, 6,400mAh Battery Launched: Price, Specifications
  3. Necro Trojan Detected in Google Play Apps and Modded Versions of Spotify, WhatsApp
  4. Nothing Ear Open With ChatGPT Integration, Up to 8 Hours of Music Playback Launched in India
  5. WhatsApp Expands Testing for 'Read All' Chats Feature on Latest Beta for Android Phones
  6. OnePlus 13 Listed on China's 3C Website With 100W Fast Charging Support: Report
  7. Audio-Technica ATH-TWX7 With Up to 24 Hours Total Battery Life Launched in India: Price, Specifications
  8. Google’s Circle to Search Feature Will Reportedly Work With Message Bubbles With Android 15
  9. Cloudflare Introduces AI Audit Tool to Block Data Scraping AI Bots from Accessing Websites
  10. Elon Musk’s X Will Soon Let Users View Posts From People Even if They Have Been Blocked
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »