This Android malware can steal your OTPs, record your screen, and more: Is your phone safe?
Modified versions of popular apps like Spotify and WhatsApp can be a gateway for the Necro Trojan.
The trojan is found in both legitimate apps, like Wuta Camera on Google Play (which was downloaded over 10 million times), and in modified apps from third-party sites.
The Necro Trojan is designed to install unwanted apps, display ads, and even purchase paid subscriptions without the user’s consent.
In today’s digital world, our smartphones are more than just gadgets—they hold personal data, banking details, and much more. While Android phones offer plenty of freedom, that openness comes with risks, especially when downloading apps. This week, security experts issued fresh warnings about Android malware that can steal your One-Time Passwords (OTPs), record your screen, and even take control of your phone. So, is your phone truly safe?
Two recent reports, from Kaspersky and Cleafy, highlight dangerous malware targeting Android users. According to Kaspersky (via Forbes), modified versions of popular apps like Spotify and WhatsApp can be a gateway for the Necro Trojan. This malware, which was first detected in 2019, has evolved.
Kaspersky warns that the trojan is now found in both legitimate apps, like Wuta Camera on Google Play (which was downloaded over 10 million times), and in modified apps from third-party sites. The Necro Trojan is designed to install unwanted apps, display ads, and even purchase paid subscriptions without the user’s consent.
Kaspersky’s advice is clear: avoid downloading apps from unofficial sources, and even be cautious with those on Google Play.
Also read: High-risk security flaw found in iPhones and other Apple products: Is your device safe?
The second threat comes from Cleafy, which identified an unclassified Android banking Trojan, a variant of TrickMo. TrickMo is distributed through fake Chrome browser updates and pretends to be Google Play Services, tricking users into granting it permissions. Once installed, TrickMo can steal OTPs, record screens, log keystrokes, and more, all while avoiding detection.
These two reports highlight a common issue: even popular apps and trusted names can be used to disguise malware. To stay safe, Google recommends using only official app stores, ensuring Play Protect is enabled, and being mindful of app permissions.
To protect yourself, follow these safety tips:
- Only download apps from official stores.
- Be cautious of apps asking for unnecessary permissions.
- Regularly clean up unused apps on your device.
- Never install apps from third-party sources, especially mods.
Ayushi Jain
Tech news writer by day, BGMI player by night. Combining my passion for tech and gaming to bring you the latest in both worlds. View Full Profile