Android phones are under attack again from a dangerous Trojan horse that has infected at least 11 million devices

According to a blog post by cybersecurity firm Kaspersky, the Necro Trojan, first discovered in 2019 by the company's security researchers, is back The Trojan is now distributed in official Google Play Store apps, unofficial modifications of popular apps, and Android game mods

Once installed on one of the best Android phones, Necro then downloads additional payloads that are used to launch numerous malicious plugins From adware to subscription scams to using the infected device as a proxy to send malicious traffic, these plugins result in this malware being extremely multifunctional

Here is what you need to know about the Necro Trojan and how it infects smartphones, as well as some tips on how to protect yourself from Android malware

Even if you download legitimate apps from the Play Store, good apps can be exploited by hackers; as BleepingComputer points out, the Necro Trojan is installed through a malicious advertising software development kit (SDK) that is installed

The first and most downloaded app in the Play Store was “Wuta Camera,” which allows users to take a photo, touch it up, and add various effects This app alone was downloaded 10 million times; according to Kasperky's data, the Necro Trojan was added to version 632148 of Wuta Camera However, versions 637138 and later no longer contain the Trojan This means that if you are using an older version of this application, you should update it immediately

The next official app infected with the Necro Trojan is a web browser called Max Browser, which has had one million downloads The Trojan was added to its code in version 120, but the app was removed from the Play Store after Kaspersky notified Google that the app had gone rogue However, it is still available in third-party app stores, and we recommend downloading Max Browser for the time being

Kaspersky also discovered the Necro Trojan hiding in a modified version of the Spotify Plus app Users were invited to download a new version of the app from an unofficial source However, unlike the official Spotify app, this version was free and came with an unlocked subscription This should have been a red flag, but some unsuspecting users decided to download and install it despite the risk of their phones being infected with the Trojan horse Necro

Finally, Kaspersky discovered the Necro Trojan lurking in mods for WhatsApp, Minecraft, and other popular games, including Stumble Guys, Car Parking Multiplayer, and Melon Sandbox Hackers often use mods of popular games as bait, so if in doubt, mobile game mods should be avoided altogether

When it comes to malware-laden apps, the first and most important thing to do is avoid downloading apps from unofficial sources Side-loading apps may be easy and convenient, but it can be extremely dangerous Therefore, you should stick to official app stores such as the Google Play Store, Samsung Galaxy Store, Amazon Appstore, etc

From here, you want to make sure that Google Play Protect (pre-installed) is enabled on your Android smartphone This first-party app scans all new as well as existing apps for malware and other threats But for further protection, you should consider using one of the best Android antivirus apps with it

Even when downloading apps from the Play Store or other official app stores, you want to check their ratings and reviews first However, these can be forged, so it is always a good idea to look for video reviews online so that you can see how the app in question works before you download it

Although Google has recently made great strides in keeping malicious apps out of the Play Store, they still occasionally slip through the cracks For this reason, we recommend limiting the overall number of apps on your phone