A new version of the Necro Trojan has infected various popular applications, including game mods and apps on Google Play, potentially affecting over 11 million Android devices. The multi-stage loader uses steganography to hide payloads and obfuscation to evade detection. Its modular architecture allows for targeted delivery of updates or new malicious modules. The Trojan can display ads, download and execute arbitrary files, install applications, open links in invisible windows, run tunnels through victim devices, and potentially subscribe to paid services. Infected apps include Wuta Camera, Max Browser, and modified versions of Spotify, WhatsApp, and games like Minecraft.
Author: AlienVault
Related Tags:
Triada
CanesSpy
Necro
T1574.006
T1102.002
T1573.001
T1036.005
T1027.002
T1056.001
Associated Indicators: