A new variant of the Necro Trojan is causing havoc. The malware, which spreads via Google Play, hides in modified versions of the Spotify, Whatsapp and Minecraft apps and is capable of installing other third-party apps.
Security researchers at Kaspersky have discovered a new version of the “Necro” Trojan in Google Play. At least 11 million users worldwide have already been infected, the Russian provider of cybersecurity solutions reports. Users in the DACH region, including Switzerland, as well as in Russia, Vietnam and Brazil are affected. Necro was hidden in modified versions of the Spotify, Whatsapp and Minecraft apps, among others.
The Trojan can download modules onto smartphones, allowing attackers to use the infected device to visit different resources and potentially integrate it into a proxy botnet. In addition, according to Kaspersky, the Trojan is capable of:
- Displaying and clicking on advertisements in invisible windows,
- download executable files,
- Install third-party apps and
- to open arbitrary links in invisible webview windows to execute JavaScript code.
Finally, the Trojan may also be able to register users for paid services. In addition, attackers could use the downloaded modules to redirect Internet traffic via the victim’s device.
“Users often download unofficial, modified apps to bypass restrictions in official applications or to access additional free features,” said Dmitry Kalinin, cybersecurity expert at Kaspersky, in the statement. Cybercriminals exploit this behavior and spread malware via third-party platforms, as there are fewer security features there. “It is also noteworthy that the version of Necro embedded in these applications used steganography techniques, hiding the payload in images to remain undetected – a very rare method for mobile malware.”
By the way, malware is not an invention of the 21st century – it has been annoying users and admins for at least 40 years. You can find an overview of the various firsts in the malware world in the background report: From Creeper to Morris to Zeus – a short history of malware.
If you want to read more about cybercrime and cybersecurity, Sign up for the Swisscybersecurity.net newsletter hereThe portal provides daily news about current threats and new defense strategies.
