11 million infections: Necro Trojan penetrated the heart of Google Play

How Necro deceived the security system and what advertising has to do with it.

At the end of August, Kaspersky Lab specialists recorded the activity of malware called Necro, which penetrated popular applications on the Google Play platform and unofficial sources. Necro is an Android downloader capable of downloading and running various malicious modules on the victim's device. Infections have been identified in Brazil, Russia, Vietnam, Ecuador and Mexico.

The Trojan has an extensive feature set. Necro can download modules to the device that show ads in hidden windows and automatically click on them, download executable files, and install third-party applications. It can also open arbitrary links in WebView and run JavaScript code, and probably sign up for paid subscriptions as well. In addition, attackers can route Internet traffic through infected devices, using them as proxies to bypass restrictions and build botnets.

One of the first applications infected by Necro was a modified Spotify Plus, which was distributed on unofficial platforms. The description claimed that the app was safe and provided advanced features compared to the official version. In addition, experts found infected versions of WhatsApp and popular games such as Minecraft, Stumble Guys and Car Parking Multiplayer. Necro got into these applications through a malicious adware module.

The danger of Necro was not limited to third-party sites. The malware was also found in the Wuta Camera and Max Browser apps available on Google Play. According to the platform, the total number of downloads of these apps has exceeded 11 million. Necro infiltrated the programs through an unverified adware module.

After Google's notification, the malicious code was removed from Wuta Camera, and Max Browser was completely removed from the store. However, the risk of infection remains for users who download applications from unofficial sources.

Most interestingly, this version of Necro used steganography, a method of hiding data in images, to mask malicious activity. This technique is rarely found in mobile threats.

To protect devices, users are advised to download applications only from official sources, regularly update the operating system, and use proven antivirus solutions.
