Description
A new version of the Necro Trojan has infected various popular applications, including game mods and apps on Google Play, potentially affecting over 11 million Android devices. The multi-stage loader uses steganography to hide payloads and obfuscation to evade detection. Its modular architecture allows for targeted delivery of updates or new malicious modules. The Trojan can display ads, download and execute arbitrary files, install applications, open links in invisible windows, run tunnels through victim devices, and potentially subscribe to paid services. Infected apps include Wuta Camera, Max Browser, and modified versions of Spotify, WhatsApp, and games like Minecraft.
Date
| Published | Created | Modified |
|---|---|---|
| Sept. 24, 2024, 1:15 p.m. | Sept. 24, 2024, 1:15 p.m. | Sept. 24, 2024, 1:37 p.m. |
Indicators
2001dcbde6310fd03413d7936475d50e8bbafc6bd3c62ae637af2039cb74fff1
47.88.246.111
47.88.245.162
47.88.190.200
47.88.3.73
Attack Patterns
Necro
xHelper
Triada
CanesSpy
Necro
T1574.006
T1102.002
T1573.001
T1027.002
T1059.004
T1095
T1056.001
T1071.001
T1036.005
T1204.002
T1176
T1047
T1140
T1027
Additional Informations
Brazil
Russian Federation