Ethical Hacking News
The Necro Trojan malware has resurfaced on Android devices, infecting 11 million users across popular apps and game mods. With its advanced obfuscation techniques and steganography methods, this new variant poses a significant threat to mobile security.
The Necro Trojan malware has infected over 11 million Android devices across popular apps and game mods. This new variant of the malware uses cutting-edge obfuscation techniques and steganography methods to evade detection. The malware primarily spreads through unverified ad integration tools, unofficial app sources, and modded versions of popular applications. Improved features and methods have increased the revamped malware's capabilities. Its obfuscation makes it challenging for security experts to identify and remove the threat from infected devices. Several apps on Google Play have been compromised by the Necro Trojan malware, including Wuta Camera and Max Browser.
The mobile threat landscape has taken another hit as a revamped version of the Necro Trojan malware has emerged, infecting a staggering 11 million Android devices across various popular apps and game mods. According to recent reports from security experts at Kaspersky, this new variant of the malware leverages cutting-edge obfuscation techniques and steganography methods to evade detection and carry out its malicious activities.
The Necro Trojan, first spotted in 2019, initially gained notoriety for compromising a legitimate Android app, CamScanner, which had been downloaded over 100 million times on Google Play. This initial outbreak led to widespread concerns about the security vulnerabilities of popular apps and the need for users to exercise caution when downloading and using mobile applications.
Fast-forward five years, and a new variant of the Necro Trojan has resurfaced, this time with a range of improved features and methods that have increased its capabilities as a malware tool. According to Kaspersky researchers, the revamped malware primarily spreads through unverified ad integration tools used by app developers, unofficial app sources, and modded versions of popular applications.
One notable aspect of this new variant is its use of obfuscation and steganography to avoid detection. The malware incorporates PNG images with hidden payloads that can only be extracted using specialized software, making it challenging for security experts to identify and remove the threat from infected devices. Furthermore, various malicious modules can be mixed and matched to carry out different actions on compromised devices.
The new version of Necro Trojan has successfully infiltrated several apps on Google Play, including Wuta Camera with over 10 million downloads and Max Browser with more than 1 million downloads, as well as modded versions of Spotify, Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox. The malware is believed to have been delivered through a tainted software development kit (SDK) used for advertising integration in apps.
Necro Trojan's modular structure allows it to support multiple capabilities, including:
1. NProxy: Creates a tunnel through the victim’s device.
2. Island: Generates a pseudo-random time interval between displays of intrusive ads.
3. Web: Contacts a C2 server periodically to execute arbitrary code with elevated permissions via specific links.
4. Cube SDK: Loads plugins that handle background ad display.
5. Tap: Downloads JavaScript code and a WebView interface from the C2 server to covertly load and view ads.
6. Happy SDK: Combines NProxy and Web modules with minor differences.
The actual number of infected devices could be higher due to Necro’s spread through unofficial app sources. Experts warn that users should exercise extreme caution when using mobile applications, especially those from unverified sources or modded versions of popular apps. Verifying the source and permissions of any application before installation is crucial in avoiding potential threats.
The emergence of this new variant highlights the ongoing challenges faced by security experts in combatting mobile malware. As malicious actors continue to evolve their tactics and methods, it becomes increasingly essential for users to remain vigilant and informed about the latest mobile threat landscape.
Related Information:
https://securityaffairs.com/168898/malware/new-necro-trojan-apps-11m-downloads.html
https://lifehacker.com/tech/necro-trojan-malware-has-infected-11-million-android-devices
https://thehackernews.com/2024/09/necro-android-malware-found-in-popular.html
https://www.pcrisk.com/removal-guides/31066-necro-trojan-android
Published: Thu Sep 26 09:15:19 2024 by llama3.2 3B Q4_K_M