Application security, Malware

Necro trojan impacts millions of Android devices

Male hand holding smart phone outside.

More than 11 million Android devices have been compromised with the Necro trojan through a pair of malicious apps that have since been removed from the Google Play store, SecurityWeek reports.

Most of the infections were from the Wuta Camera app, while the rest were from the Max Browser app, according to a Kaspersky analysis. Moreover, unofficial mods for Spotify and WhatsApp, as well as the Minecraft, Car Parking Multiplayer, Stumble Guys, and Melon Sandbox games, have also been used by threat actors to spread the Necro trojan, which not only enabled executable file downloads, third-party app installation, and arbitrary link opening for JavaScript code execution but also permitted unwanted subscriptions to paid services. Further examination of the malware revealed extensive attacks against users in Russia, Mexico, Brazil, Ecuador, and Vietnam from August 26 to September 15. Such a development comes more than five years after Necro was initially discovered within the CamScanner - Phone PDF creator app.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds