What Is Necro Trojan?

Necro trojan is a form of malware that primarily targets Android devices, and is distributed through applications on the Google Play store and other third-party application extensions. This trojan infects devices and then executes commands that launch invisible ads that link to malware downloaders, installs malicious third-party apps, and even subscribes users to costly paid services.

Download the Security Report Demander une démo

Evolution of the Necro Trojan and Its Advanced Evasion Techniques

Necro trojan first emerged in late 2018, with several high-profile applications containing Necro doppers throughout 2019. Some modified applications, like WhatsApp add-ons, that were distributed by unofficial sources were the original carriers of this form of malware.

However, over the past few years, the Necro trojan has continued to evolve…

Part of what makes Necro trojan so difficult to trace and prevent is that hackers have been able to put their malware inside extremely popular apps.

Wuta Camera

For example, one application called Wuta Camera, which was a photo retouching app with over 10 million downloads, was infected with Necro Trojan without the owners’ knowledge.

The trojan was only recently patched out of this app, but users who still have an older version on their devices could still have an infected device. Many applications with millions of downloads have seen similar hacks in the past. So, you should be extremely careful with applications you download on the Google Play store.

CamScanner

Even back in 2019, the first clues that this was going to be a primary distribution method began to come to light.

The widely popular application CamScanner, which has over 100 million downloads on the Google Play store, was infected with this particular trojan.

Spotify

Another recent download tactic has been to send out phishing emails and launch advertisements that ask users to download a ‘Pro’ or ‘Premier’ version of a certain application. One example of this was ‘Spotify Plus,’ a fake version of the popular Spotify application.

In late 2024, it was reported that upwards of 11 million Android devices were infected with Necro trojan.

Impact of the Necro Trojan

Once the Necro trojan enters a device, it’ll begin to execute payloads depending on that specific stain and its target. There are many potential outcomes for a device that is infected with Necro trojan without the user’s knowledge:

  • Financial Damages: Necro trojan may allow a malicious actor to enter a user’s device via remote access and create recurring billing payments through the Google Play store to nefarious applications or services. If a user does not realize these payments are happening, a malicious actor could begin to drain their bank account.
  • Resource Stealing: Some threat actors use trojans like Necro to gain access to a device’s resources. They can then use these devices in cryptocurrency farming operations, consuming the device’s internal resources and dramatically slowing the phone.
  • Further Downloads: Necro trojan could execute payloads that download other forms of malware onto a device. This could lead to the complete corruption of a mobile phone, rendering it inoperable.
  • Data Exfiltration: As Necro trojan has the ability to act as spyware and access your device’s files, malicious actors could execute a payload that begins to extract them from your system. For work devices, this could even turn into a ransomware event.

Top 4 Prevention Strategies

Although trojans are a difficult form of malware due to their clandestine nature, there are several strategies that you can employ to protect themselves and prevent trojans from downloading to their devices.

Here are some of the top strategies to employ to defend against trojans:

  1. Deploy Endpoint Security: Employing endpoint security that adds firewalls and device monitoring software to your mobile phone is one of the most effective ways of protecting against trojans like Necro. Endpoint security scanners will detect malicious content within files you attempt to download and prevent them from entering your device.
  2. Access Software Updates: As with the earlier Wuta Camera example, the developers of the application were able to locate Necro and patch it out of their system as quickly as possible. For those who understand the importance of regular updates, this meant that they could remove the infected application from their device. Those who failed to update to the most recent patch unknowingly left the trojan on their device, giving it more time to steal resources and further embed itself on a device.
  3. Self-Educate Around Signs of Malware: While trojans like Necro are harder to spot, it’s still advisable that you bring yourself up to speed on what traditional malware distribution looks like and how best you can keep yourself safe. Understanding both the common signs of a potentially dangerous file and the effects of malware present on your system will help you to protect yourself.
  4. Backup Your Devices: If you are aware that you have downloaded an application with malware, then you can always revert to an earlier backup to remove the malicious software from your mobile phone. While this may not always work, as some trojans will execute payloads that specifically delete backups, it is always a great idea to regularly back up your devices.

Prevent Trojan Infections with Check Point

Malicious software, especially those that fly under the radar like trojans, are extremely dangerous. Beyond just having financial repercussions, they could systematically:

  • Steal your device data
  • Spread malware to other devices
  • Hijack your accounts

For any business devices, failing to cover these endpoints could be the first error that leads to a widespread breach. Check Point Harmony Mobile Protection offers full mobile security, delivering complete protection for mobile devices and defending against malware threats like Necro trojan.

With complete protection and easy adoption, businesses can secure their mobile endpoints against malware and phishing attempts while maintaining their privacy. Get started today by requesting a demo.

Commencez

Solution de sécurité pour postes de travail

RAPPORT SUR LA CYBERSÉCURITÉ 

Protection avancée des postes

Prévention avancée des menaces réseau

Sujets connexes

What is a Cyber Attack

Remote Access Trojan (RAT)

Spyware

Qu'est-ce qu'un logiciel malveillant ? 

Agent Tesla Malware

×
  Commentaires
Ce site web utilise des cookies pour sa fonctionnalité et à des fins d'analyse et de marketing. En continuant à utiliser ce site web, vous acceptez l'utilisation de cookies. Pour plus d'informations, veuillez lire notre avis sur les cookies.
OK