Wednesday, 09 July 2025

Malware spreading through the Google Play Store has been detected

The experts discovered a new version of the Necro Trojan, which was installed through a malicious software development kit (SDK). The Necro Trojan was discovered in legitimate applications (Wuta Camera, Max Browser) and modified versions of popular applications such as Spotify Plus, WhatsApp and Minecraft.

Necro installs several payloads to infected devices and activates various malicious plugins, including:

  • adware that loads links through invisible WebView windows;
  • modules that download and execute arbitrary JavaScript and DEX files;
  • tools specifically designed to facilitate subscription fraud;
  • plugins that use infected devices as proxies to route malicious traffic.

The researchers notified Google Play representatives about the malware, after which the malicious downloader was removed from Wuta Camera, and Max Browser was removed from the Google Play Store. Also, experts do not recommend users to download applications from unofficial sources.

Source: bleepingcomputer.com

25 September 2024

-
79