11 million Android users infected with dangerous Necro trojan — how to stay safe
Actual number could be even higher as sideloaded apps were also used to spread this trojan
Android phones are once again under attack from a dangerous trojan which has resurfaced to infect at least 11 million devices.
According to a blog post from the cybersecurity firm Kaspersky, the Necro trojan, which its security researchers first discovered in 2019, has returned. The trojan is now being distributed via official apps on the Google Play Store, unofficial modded versions of popular apps and in Android game mods.
Once installed on one of the best Android phones, Necro then downloads additional payloads that are used to activate a number of malicious plugins. From adware to subscription fraud to using infected devices as proxies to send malicious traffic, this malware is extremely versatile as a result of these plugins.
Here’s everything you need to know about the Necro trojan and how it can infect your smartphone along with some tips on how to stay safe from Android malware.
Hiding in official and unofficial apps
Even if you download a legitimate app from the Play Store, there’s still a slight chance it could be malicious as good apps can go bad thanks to the work of hackers. That appears to be exactly what happened in this case, as BleepingComputer points out, that the Necro trojan was installed through malicious advertising software development kits (SDK).
The first and most downloaded app on the Play Store is Wuta Camera, which lets you take pictures, touch them up and add a number of effects. This app alone was downloaded 10 million times. Based on Kasperky’s data, the Necro trojan was added to version 6.3.2.148 of Wuta Camera. However, versions starting from 6.3.7.138 no longer contain the trojan. This means if you’re using an older version of this app, you need to update it immediately.
The next official app infected with the Necro trojan is a web browser called Max Browser with one million downloads. The trojan was added to its code in version 1.2.0 but the app was removed from the Play Store after Kaspersky informed Google that it had become malicious. However, it’s still available on third-party app stores, so it’s best to recommend downloading Max Browser for the time being.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
Kaspersky also found the Necro trojan lurking in a modified version of the Spotify Plus app. Users were invited to download a new version of the app from an unofficial source. However, unlike with the official Spotify app, this version was free and came with an unlocked subscription. This should have been a red flag but some unsuspecting users decided to download and install it despite the risk which led to their phones being infected with the Necro trojan.
Finally, Kaspersky found the Necro trojan lurking in mods for WhatsApp, Minecraft and other popular games including Stumble Guys, Car Parking Multiplayer and Melon Sandbox. Hackers often use mods to popular games as a lure, so when in doubt, you should avoid modding mobile games altogether.
How to stay safe from Android malware
When it comes to malware-filled apps, the first and most important thing you can do is to avoid downloading apps from unofficial sources. Sideloading apps may be easy and convenient but doing so can also be extremely dangerous. This is why you should stick to official app stores like the Google Play Store, Samsung Galaxy Store and the Amazon Appstore.
From here, you want to ensure that Google Play Protect (which comes pre-installed) is enabled on your Android smartphone. This first-party app scans all of the new apps as well as your existing ones for malware and other threats. For even more protection though, you should consider using one of the best Android antivirus apps alongside it.
Even when you download apps from the Play Store or other official app stores, you want to check their ratings and reviews first. As these can be faked though, it’s always a good idea to look for a video review online, so that you can see the app in question in action before downloading it.
Recently, Google has made great strides at eliminating malicious apps from the Play Store but they still manage to slip through the cracks from time to time. This is why it’s a good idea to limit the number of apps on your phone overall.
More from Tom's Guide
Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.