According to a report, over 11 million Android phones and tablets have been infected by a dangerous virus known as Necro Trojan. This virus entered phones through unauthorized apps and game modes. It was first spotted in 2019, but it has now re-emerged and is even more dangerous. The virus is currently available on the Google Play Store as well.
Security researchers at Kaspersky have discovered a new version of the Necro trojan targeting Android users through both Google Play apps and modified APKs (Android application packages) hosted on third-party websites. This malicious software poses a serious threat, capable of stealing sensitive data, installing additional malware, and remotely executing commands on infected devices.
One of Necro’s functions is to display intrusive ads, which can lead to malicious web pages designed to distribute other malware, steal personal information, extract money, and more. Also, the Trojan collects various information from infected devices, including screen size, RAM, operating system version, and device identifiers like IMEI and IMSI.
Additionally, it may track interactions with ads and other applications. Necro sends the harvested information to a command-and-control (C2) server controlled by the attackers. Furthermore, Necro can download and run other programs on infected devices. It can also change the links that are displayed in a web browser to include extra information (e.g., confirmation codes for payments).
This allows the malware to trick users into subscribing to services without their knowledge or run additional malicious code when they click on specific links. It is important to mention that Necro’s modular architecture enables its creators to update it regularly, allowing new malicious modules or features to be added.
This adaptability makes it particularly dangerous, as it can respond to security measures and continue to evolve.
What Does the Virus Do?
The report states that once this virus gains access to a phone, it downloads even more harmful files. It then transforms the phone into a device that displays ads without your consent, scams people, and helps spread other malicious viruses.
Remove These Apps from Your Phone
Two apps have significantly aided in spreading this virus: Vuta Camera and Max Browser. Vuta Camera is a highly popular camera app, downloaded by around 10 million users. The older version of this app has been removed. Users are advised to either update their app or download a new one. The Max Browser, which has been downloaded over a million times, has also been removed. Additionally, the virus has affected updated versions of apps like Spotify Plus, WhatsApp, Minecraft, and others. Hackers spread the virus by enticing users to use these altered apps.
How to Protect Yourself
To avoid Android viruses, only download apps from official sites like the Google Play Store and keep Google Play Protect enabled on your phone. Before downloading any app, check its ratings and reviews, and also watch online videos. You can also run antivirus software on your phone for added protection.
