Kaspersky reported that altered versions of popular Android apps, including Spotify and WhatsApp, have been leveraged to deliver a new malware loader known as Necro, which has compromised up to 11 million downloads.
Dmitry Kalinin of Kaspersky noted the malware uses obfuscation techniques and steganography to hide its payloads, enabling it to evade detection while taking control of victim devices.
The malware's capabilities include displaying ads in invisible windows, executing arbitrary DEX files, and opening links in invisible WebView windows, threatening user security.
CamScanner, where Necro was first discovered, attributed the issue to a rogue advertisement SDK from AdHub, highlighting third-party software vulnerabilities in app security.
Collection
[
|
...
]