Skip to content

New variant of Necro Trojan infected more than 11 million devices

Experts warn of the Necro Trojan found in Google Play, as threat actors are spreading it through
fake versions of legitimate Android apps.
Researchers from Kaspersky discovered a new version of the Necro Trojan in multiple apps
uploaded to the Google Play store. The malware was hidden in popular applications and game
mods. Kaspersky researchers first spotted the Necro Trojan in 2019. The malicious code was
found in the free version of the popular PDF creator application CamScanner.
The new version of the Necro loader infected both apps in Google Play and modified versions
of Spotify, Minecraft, and other popular applications from unofficial sources.
This new version of the Necro loader uses obfuscation and steganography techniques to evade
detection. It can perform various malicious actions, including displaying ads in invisible
windows, downloading and executing DEX files, installing applications, opening links in hidden
WebView windows, executing JavaScript, and creating tunnels through the victim’s device. The
malicious code can also potentially subscribe to paid services.

https://securityaffairs.com/168898/malware/new-necro-trojan-apps-11m-downloads.html