September 25, 2024 – In a recent alarming discovery, cybersecurity researchers have identified the Necro Trojan malware embedded in two popular Android apps available on the Google Play Store. This malware has already infected over 11 million devices, raising significant concerns about the security of apps on the Play Store and the potential risks to users’ personal data and device integrity.
The Infected Apps
The two apps identified as carriers of the Necro Trojan are Wuta Camera and Max Browser. Wuta Camera, a widely used photo editing app, has over 10 million downloads. The malware was present in versions 6.3.2.148 (released on July 18) through 6.3.6.148 (released on August 20) 1. Max Browser, which has been removed from the Play Store, had over 1 million downloads and contained the malware from version 1.2.0 1.
How Necro Trojan Works
Once installed on a device, the Necro Trojan can execute a variety of malicious activities. It primarily installs adware that opens websites through invisible WebView windows, generating ad revenue for the attackers without the user’s knowledge. Additionally, it can download and execute arbitrary code, facilitate subscription fraud, and route malicious traffic through the infected device, making it difficult to trace the source of the malicious activity 2.
The Trojan’s ability to operate stealthily and perform multiple harmful functions makes it particularly dangerous. Users may not immediately notice any issues, allowing the malware to persist and cause damage over an extended period.
The Discovery and Response
Researchers from Kaspersky were the first to identify the Necro Trojan in these apps. Their investigation revealed that the malware was not only present in the Play Store apps but also in modified versions of popular apps like WhatsApp, Spotify, and Minecraft, which are often distributed through unofficial websites and app stores 2. This widespread distribution method means the actual number of infected devices could be significantly higher than the 11 million reported from the Play Store alone.
Upon discovering the malware, Kaspersky promptly reported it to Google. In response, Google has removed Max Browser from the Play Store and ensured that the latest versions of Wuta Camera are free from the malware. However, the incident highlights the ongoing challenges in maintaining the security of apps on the Play Store and the need for continuous vigilance by both users and developers.
Implications for Users
The presence of the Necro Trojan in popular apps underscores the importance of cybersecurity awareness among Android users. Here are some steps users can take to protect themselves:
- Uninstall Infected Apps: If you have Wuta Camera or Max Browser installed on your device, uninstall them immediately and run a thorough antivirus scan.
- Update Apps Regularly: Ensure that all apps on your device are updated to their latest versions, as updates often include security patches.
- Use Reputable Antivirus Software: Install and regularly update a reputable antivirus app to detect and remove malware.
- Be Cautious with App Permissions: Review the permissions requested by apps and be wary of those that ask for unnecessary access to your device’s functions and data.
- Avoid Unofficial App Stores: Download apps only from the Google Play Store or other trusted sources to minimize the risk of installing malicious software.
The Bigger Picture
The Necro Trojan incident is a stark reminder of the evolving nature of cybersecurity threats. As malware becomes more sophisticated, the need for robust security measures and user awareness becomes increasingly critical. Developers must prioritize security in their apps, and platforms like the Google Play Store must enhance their vetting processes to prevent malicious apps from reaching users.
For users, staying informed about potential threats and adopting proactive security practices can significantly reduce the risk of malware infections. As the digital landscape continues to grow, so too must our efforts to protect it.
