New Android malware Trojan targets millions of devices through Play Store apps

A new Necro Trojan has been stealthily infiltrating millions of Android devices through Play Store apps. Benqu’s Wuta Camera and Max Browser were confirmed to have been affected by the Android malware Trojan, putting millions of users’ data at risk.

Mod versions of WhatsApp, Spotify, and Minecraft are also suspected to have included the new Android malware Trojan. These applications are usually distributed on unofficial websites and app stores, hence, their reach can not be quantified.

Google is seemingly aware of the Trojan and the apps housing it, and it is currently investigating the issue. This kind of flaw can download and execute arbitrary code, potentially leading to subscription fraud, and route malicious traffic.

We highly recommend using apps downloaded only from Google Play or Galaxy Store. In case you’ve sideloaded any mod app, you should uninstall it immediately. Also, if you are the user of the two affected apps, uninstall is advised.

Benqu’s Wuta Camera

It has more than 10 million downloads, which contained the Necro Trojan from version 6.3.2.148 (July 18) through version 6.3.6.148 (August 20).

Max Browser

Google has now removed Max Browser from the Play Store, which had over 1 million installs. BleepingComputer reported that its latest version 1.2.0 still houses the malware.