Experts are warning about the Necro Trojan discovered in the Google Play Store, where threat actors are distributing it through fake versions of legitimate Android applications.

Researchers from Kaspersky identified a new version of the Necro Trojan in multiple apps uploaded to Google Play. The malware was hidden inside popular applications and game mods.

Kaspersky first detected the Necro Trojan in 2019 when malicious code was found in the free version of the popular PDF creator application CamScanner.

The latest version of the Necro loader has infected both official Google Play apps and modified versions of Spotify, Minecraft, and other popular applications distributed through unofficial sources.

This new variant uses obfuscation and steganography techniques to evade detection.

Once installed, the malware can perform a wide range of malicious actions, including:

• Displaying ads in invisible windows
• Downloading and executing DEX files
• Installing additional applications
• Opening links in hidden WebView windows
• Executing JavaScript code
• Creating tunnels through the victim’s device
• Subscribing users to paid services without consent

Read the full article