Necro Trojan Targets Over 11 Million Android Devices via Modded Apps

A new version of the Necro Trojan has infected more than 11 million Android devices through modded versions of popular apps like Spotify, WhatsApp, and Minecraft, as well as apps on the Google Play Store. According to a report by Securelist, the malware was discovered in modded versions of these apps and spread via malicious SDK supply chain attacks.

Necro was found embedded in two Play Store apps—Wuta Camera and Max Browser—though Wuta Camera has since removed the malware. However, Max Browser remains infected. Outside of the Play Store, the trojan spreads through unofficial versions of apps, such as Spotify Plus and GBWhatsApp, and modded games like Minecraft and Stumble Guys.

Once installed, Necro activates harmful plugins that execute fraudulent activities, such as generating ad revenue for attackers by running ads in the background.

To stay safe, avoid downloading APKs from unverified sources, and carefully review apps on official platforms before installing them.