Begin typing your search above and press return to search.
proflie-avatar
Login
exit_to_app
Adani and his group buying governments
access_time 23 Nov 2024 6:53 AM GMT
Trump
access_time 22 Nov 2024 2:47 PM GMT
election commmission
access_time 22 Nov 2024 4:02 AM GMT
Champions Trophy tournament
access_time 21 Nov 2024 5:00 AM GMT
The illness in health care
access_time 20 Nov 2024 5:00 AM GMT
The fire in Manipur should be put out
access_time 21 Nov 2024 9:19 AM GMT
DEEP READ
Munambam Waqf issue decoded
access_time 16 Nov 2024 5:18 PM GMT
Ukraine
access_time 16 Aug 2023 5:46 AM GMT
Foreign espionage in the UK
access_time 22 Oct 2024 8:38 AM GMT
exit_to_app
Homechevron_rightTechnologychevron_rightTrojan detected in...

Trojan detected in Google Play apps, modded versions of Spotify, WhatsApp

text_fields
bookmark_border
Trojan detected in Google Play apps, modded versions of Spotify, WhatsApp
cancel

Security researchers have discovered that malicious malware is being spread by attackers through unofficial mods of popular apps and some Google Play apps.

The alleged Necro Trojan has the ability to install additional malware, log keystrokes, steal sensitive information, and execute commands remotely. Two apps in the Google Play store appear to contain this malware.

Additionally, it was discovered that the trojan was being distributed by modded (modified) Android application packages (APKs) of games like Minecraft and apps like Spotify and WhatsApp.

The well-known PDF creator program CamScanner was infected with malware in 2019, marking the first detection of a trojan from the Necro family.

Users were warned about the risk by the official version of the Google Play store app, which has over 100 million downloads, but at the time a security patch resolved the problem.

Two Google Play apps have been found to contain a new variant of the Necro Trojan, as per a post by Kaspersky researchers. The first is the Wuta Camera software which has been downloaded more than 10 million times, and the second is Max Browser with more than a million downloads.

The researchers have verified that once Kaspersky contacted Google, the corporation removed the malicious apps.

The primary cause of the problem is the abundance of unofficial "modded" versions of well-known apps that are available on numerous third-party websites. On their Android devices, users can mistakenly download and install them, infecting them in the process, NDTV reported.

Researchers have discovered that some of the APKs containing the malware include modified versions of Spotify, WhatsApp, Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox — these modded versions guarantee users access to features that are normally exclusive to subscribers who pay for them.

It is interesting to note that the attackers seem to be targeting consumers using a variety of methods. For example, the researchers found that the Spotify mod had an SDK that displayed multiple ad modules. If the user inadvertently touched the image-based module, a trojan payload would be deployed via a command-and-control (C&C) server.

Similar to this, it was discovered that the attackers in the WhatsApp mod had modified Google's Firebase Remote Config cloud service to use it as the C&C server. In the end, engaging with the module would cause the payload to deploy and run.

Once deployed, the malware could “download executable files, install third-party applications, and open arbitrary links in invisible WebView windows to execute JavaScript code,” highlighted the Kaspersky post. It might also, without the user's knowledge, subscribe to expensive paid services.

Users are advised to exercise caution when installing Android apps from unaffiliated sources, even though the apps listed on Google Play have already been removed. They should not download or install any apps or files if they do not trust the marketplace.

Show Full Article
TAGS:TrojanGoogle play apps
Next Story