The Necro Trojan recently resurfaced in the threat landscape. The malware loader is used in a sophisticated supply chain attack targeting the Android family. It affected more than 11 million devices through malicious SDKs issued with real applications on Google Play.
How Does Necro Target Android Devices?
Necro was spread via mobile ad-ware development kits, popular apps, software mods such as Spotify and WhatsApp, and Android game mods. Following installation, Necro Trojan loads the following malicious plugins:
- Adware: Shows background ads for illicit revenue generation.
- Downloaders: Download and execute arbitrary JavaScript and DEX files.
- Subscription fraud tools: These facilitate fraudulent subscriptions to paid services.
- Proxy mechanisms: Makes use of infected devices as proxies, which are used for the routing of malicious traffic.
Necro On Google Play
The researchers of Kaspersky Security have discovered traces of Necro in two apps that are distributed through Google Play: Wuta Camera and Max Browser. Wuta Camera has a user base of over 10 million people. Both lists show that an Necro version was available for each of these apps. In both cases, it was later eradicated. That means any payloads uploaded via these older versions might remain on affected devices.
Necro In Modified Apps
In addition to the Play Store, Necro is also distributed through modified applications. This includes WhatsApp mods, Spotify mods, and Minecraft mods, which claim more features or benefits and may contain malicious code.
The Extent Of The Threat
The recent wave of Necro trojans has caused at least 11 million Google Play infections, with the exact number of infections remaining unknown. The threat is severe as most Android devices are in use and the targeted applications are some of the most popular.
Protecting Your Android Device
To protect your Android device from malware like Necro, you should follow best practices such as:
- Download apps from official places: Never download third-party applications. Instead, download from known websites or an app store.
- Keep your device and apps updated: Often updates comprise security patches, which patch the vulnerability.
- Use a good security solution: Choose a reliable antivirus application that can detect and prevent infections from malware.
- Do not download any modified apps: Avoid using the modified version of the most popular apps containing malicious code.
- Check app permissions: Before installing any app, check the permission required by the app on your Android device carefully. You should ensure that the permissions requested are necessary for it to work.
To prevent infection and protect your Android device from the Necro malware loader and other malware threats, follow these steps.