Necro Malware Infects 'Modified' Spotify, WhatsApp

"Modified" versions of popular apps have helped distribute a nasty piece of Android malware. The tactic expanded the reach of the Necro Trojan despite Google's security checks.

Necro was able to survive for some time before discovery, largely because the infection wasn't obvious to users. Its main purpose was to hijack phones and use them to make money for the people behind the malware.

This included displaying paid ads in the background so that users didn't see them, but the scammers were able to claim revenue from advertisers. The malware would also install apps on the phone to earn commission. In both cases, the phone would potentially run slower and eat up data, but the source of the slowdown wouldn't be obvious to users.

Browser and Camera Apps Infected

Kaspersky, which discovered Necro, says it was distributed in two ways. One was the familiar tactic of hiding it in apps that got into the official Google Play Store, promising to perform a simple function and hiding their real purpose.

In this case, 10 million people downloaded an image manipulation tool called Wuta Camera, with another million downloading a web browser called Max Browser. Both evaded Google's security verification and didn't arouse suspicion as they performed their advertised tasks, earning decent user reviews. (Source: kaspersky.co.uk)

Max Browser has now been removed by Google though surprisingly Wuta Camera was still available at the time of writing.

Spotify "Money-Saver" Hid Scam

The people behind Necro expanded their reach by distributing it through "modified" versions of real apps through third party web stores. These require the user to change security settings on their phone to allow apps from sources other than Google Play.

The "modified apps" promised to deliver all the functions of official apps, but with extra features. For example, special versions of WhatsApp claimed to offer better privacy controls. Meanwhile "Spotify Plus" played on people's greed by claiming to offer premium Spotify features without any subscription fee.

The scammers used similar tactics with "mod" versions of several popular games such as Minecraft. (Source: bleepingcomputer.com)

What's Your Opinion?

Do you install Android apps from sources other then the Google Play store? How much reliance do you place on Google having vetted apps in the official store? Do you have any sympathy for people who get malware from apps such as the knockoff Spotify "mod"?