New Android Malware Threats: Why You Should Rethink Your App Downloads

In the latest security warning for Android users, cybersecurity expert Zak Doffman, CEO of Digital Barriers, highlights the continuing threat posed by evolving malware, particularly the Necro Trojan, which has resurfaced in popular apps. The Necro Trojan first made headlines in 2019 when researchers discovered it in the widely downloaded CamScanner app. Now, as Kaspersky recently reported, the malware has been found in new apps such as Wuta Camera, downloaded over 10 million times from the Google Play Store, and in unofficial Spotify mods circulating outside the Play Store.

Doffman underscores Google’s efforts to clean up its Play Store, including a recent crackdown on sideloading and the upcoming introduction of live threat detection in Android 15’s Play Protect feature. Despite these advancements, “serious risks still remain,” Doffman warns, urging users to avoid third-party stores and mods of popular apps, which have been a common vector for distributing the Necro Trojan. The malware has grown more sophisticated: it can now install apps, interact with ads in invisible windows, and even make unauthorized payments from victims’ devices.

A Google spokesperson confirmed that “all malicious versions of the apps identified by this report were removed from Google Play prior to report publication,” and emphasized that Google Play Protect, enabled by default on Android devices, protects users from known malware, including Necro and TrickMo.

Meanwhile, other threats are looming. Cleafy reports a new variant of TrickMo, a banking Trojan first detected in 2019. TrickMo intercepts one-time passwords, records screens, and grants hackers remote control over Android devices, making it a formidable adversary for security systems.

The discovery of Octo2, a new variant of the Exobot malware family, adds to the concerns. According to ThreatFabric, Octo2 can intercept app-specific notifications, and its remote access capabilities make it especially dangerous to mobile banking users. Octo2 has been detected globally, with cybercriminals renting the malware to rapidly spread its reach.

Doffman advises users to stay vigilant: stick to official app stores, avoid granting unnecessary permissions, and regularly scan devices for outdated or unused apps. “The emergence of Octo2 signals future challenges for mobile banking security,” he warns, as malware evolves to bypass even the latest protections.

The message is clear: even as Google strengthens its defenses, the threat landscape for Android users remains perilous. Staying cautious with app downloads and permissions is essential to protect against the sophisticated new wave of Android malware.