This Android Trojan Has Infected at Least 11 Million Devices

If there’s something worse than a trojan, it’s a trojan that’s pretty much everywhere. In the case of Android phones, one specific piece of malware has made its way onto at least 11 million Android devices.




A new version of the notorious Necro malware loader has seemingly infiltrated the Google Play Store, infecting an estimated 11 million Android devices. This insidious malware was distributed through malicious advertising software development kits (SDKs) embedded in legitimate apps distributed through the Google Play Store. It also affects game mods, and even modified versions of popular software like Spotify, WhatsApp, and Minecraft that are distributed outside of Google’s realm. It can be easy to get your phone infected through third-party APKs, but the fact that the malware is present in apps distributed through the Play Store is certainly very worrying.

Necro operates by installing various payloads onto infected devices, activating a range of malicious plugins. These plugins enable adware that displays links through invisible WebView windows, modules that download and execute arbitrary JavaScript and DEX files, and tools designed specifically for subscription fraud. Additionally, Necro can turn infected devices into proxies for malicious traffic.


Kaspersky researchers discovered the Necro loader lurking within two popular apps on Google Play: Wuta Camera and Max Browser. While Google has since removed the infected versions, any payloads installed by these apps may still remain active on user devices. Outside of the Play Store, Necro spreads through modified versions of popular apps (mods) distributed through unofficial websites.

The full extent of Necro’s reach remains unknown, but it is estimated to have infected at least 11 million devices through Google Play alone. Perhaps many more devices have been affected as well through the ol’ APK route. If you happen to have any infected apps on your phone, you should make sure to remove them immediately and look for alternatives.

Source: Bleeping Computer

Leave a Comment