The Necro Android Malware Loader Is Back From The Dead And Spreading
11 Million Infections And Counting
The Google App store is once again at the centre of discussions about just what Google means when they say you should trust the security of the Play Store. The original Necro malware started spreading in 2019 and a brand new version of it has been spreading through the app store, and is still there in a few game mods. Necro is technically a trojan dropper uses steganography to hide it’s payload, once it gets its dirty paws on your Android device it can do a number of things from running DEX files to popping up invisible windows it can interact with. Check your bank statements for unexpected subscriptions to paid services and apps, as Necro is quite capable of signing you up for things without your knowledge.
The new version of Necro got into the Play Store via the usual way, sneaking in via an advertising SDK that likely came from a trusted ad server which was hacked. The first official app they infected is called Wuta Camera by ‘Benqu’ which has over 10 million installs, and it has been cleansed. The second was Max Browser by ‘WA message recover-wamr’ and it has been removed from the Play Store as even the new version remains infected.
If you like to live dangerously and download app mods from strange corners of the internet, Necro has been detected in mods for Minecraft, WhatsApp and Spotify as well. Be careful out there!
This new version of the Necro Trojan was installed through malicious advertising software development kits (SDK) used by legitimate apps, Android game mods, and modified versions of popular software, such as Spotify, WhatsApp, and Minecraft.
More Tech News From Around The Web
- Tandem OLED is OLED’s latest weapon in holding off MicroLED, QDEL @ Ars Technica
- Zen Browser: a New Firefox-based Alternative to Chromium Browsers @ Slashdot
- Microsoft on a roll for terrible rebranding with Windows App @ The Register
- Apple’s latest macOS release is breaking security software, network connections @ The Register
- New Google Chrome feature will translate complex pages in real time @ Bleeping Computer
- WordPress Founder Calls WP Engine a ‘Cancer To WordPress’ and Urges Community To Switch Providers @ Slashdot
- New Release Of Vision Basic: Hot New Features! @ Hackaday
- Fake AI “podcasters” are reviewing my book and it’s freaking me out @ Ars Technica
- Altera Starts to Chart its Own Course and Adds Agilex 3 @ ServeTheHome
- How Sonos Botched an App and Infuriated Its Customers @ Slashdot
- AlphaESS VitaPower VT1000 and 2x VitaMate VM1000 all-in-one balcony solar system @ FunkyHome