September 23, 2024 at 11:18AM
A new version of the Necro Trojan malware for Android infected 11 million devices through Google Play via malicious advertising SDK. The Trojan was found in legitimate apps like Wuta Camera and Max Browser, with Kaspersky identifying obfuscation techniques used to hide malicious activities. Outside Google Play, it spread through modified popular apps.
Based on the meeting notes, the key takeaways are:
– The Necro Trojan malware for Android was installed on 11 million devices through Google Play via malicious advertising software development kits (SDK) used by legitimate apps and modified versions of popular software.
– The infected devices had several payloads installed and malicious plugins activated, including adware, modules for downloading and executing arbitrary files, tools for subscription fraud, and mechanisms for routing malicious traffic.
– Kaspersky discovered the presence of Necro loader on two apps on Google Play, Wuta Camera and Max Browser, both of which had substantial userbases.
– The Necro malware was spread outside the Google Play Store through modified versions of popular apps distributed via unofficial websites, such as WhatsApp mods, Spotify mods, and mods for popular games like Minecraft.
These takeaways provide a clear overview of the Necro Trojan malware’s distribution, its impact on popular apps, and its spread outside the official app stores.