The Necro Android Malware Loader Is Back From The Dead And Spreading


11 Million Infections And Counting

The Google App store is once again at the centre of discussions about just what Google means when they say you should trust the security of the Play Store.  The original Necro malware started spreading in 2019 and a brand new version of it has been spreading through the app store, and is still there in a few game mods.  Necro is technically a trojan dropper uses steganography to hide it’s payload, once it gets its dirty paws on your Android device it can do a number of things from running DEX files to popping up invisible windows it can interact with.  Check your bank statements for unexpected subscriptions to paid services and apps, as Necro is quite capable of signing you up for things without your knowledge.

The new version of Necro got into the Play Store via the usual way, sneaking in via an advertising SDK that likely came from a trusted ad server which was hacked.  The first official app they infected is called Wuta Camera by ‘Benqu’ which has over 10 million installs, and it has been cleansed.  The second was Max Browser by ‘WA message recover-wamr’ and it has been removed from the Play Store as even the new version remains infected.

If you like to live dangerously and download app mods from strange corners of the internet, Necro has been detected in mods for Minecraft, WhatsApp and Spotify as well.  Be careful out there!



Source link