More than 11 million Android devices have been compromised with the Necro Trojan through a pair of malicious apps that have since been removed from the Google Play store, SecurityWeek reports.
Most of the infections were from the Wuta Camera app, while the rest were from the Max Browser app, according to a Kaspersky analysis. Moreover, unofficial mods for Spotify and WhatsApp, as well as the Minecraft, Car Parking Multiplayer, Stumble Guys, and Melon Sandbox games, have also been used by threat actors to spread the Necro trojan, which not only enabled executable file downloads, third-party app installation, and arbitrary link opening for JavaScript code execution but also permitted unwanted subscriptions to paid services.
Further examination of the malware revealed extensive attacks against users in Russia, Mexico, Brazil, Ecuador, and Vietnam from August 26 to September 15.
This development comes more than five years after Necro was initially discovered within the CamScanner - Phone PDF creator app.