In today’s digital world, our smartphones are more than just gadgets—they hold personal data, banking details, and much more. While Android phones offer plenty of freedom, that openness comes with risks, especially when downloading apps. This week, security experts issued fresh warnings about Android malware that can steal your One-Time Passwords (OTPs), record your screen, and even take control of your phone. So, is your phone truly safe?
Two recent reports, from Kaspersky and Cleafy, highlight dangerous malware targeting Android users. According to Kaspersky (via Forbes), modified versions of popular apps like Spotify and WhatsApp can be a gateway for the Necro Trojan. This malware, which was first detected in 2019, has evolved.
Kaspersky warns that the trojan is now found in both legitimate apps, like Wuta Camera on Google Play (which was downloaded over 10 million times), and in modified apps from third-party sites. The Necro Trojan is designed to install unwanted apps, display ads, and even purchase paid subscriptions without the user’s consent.
Kaspersky’s advice is clear: avoid downloading apps from unofficial sources, and even be cautious with those on Google Play.
Also read: High-risk security flaw found in iPhones and other Apple products: Is your device safe?
The second threat comes from Cleafy, which identified an unclassified Android banking Trojan, a variant of TrickMo. TrickMo is distributed through fake Chrome browser updates and pretends to be Google Play Services, tricking users into granting it permissions. Once installed, TrickMo can steal OTPs, record screens, log keystrokes, and more, all while avoiding detection.
These two reports highlight a common issue: even popular apps and trusted names can be used to disguise malware. To stay safe, Google recommends using only official app stores, ensuring Play Protect is enabled, and being mindful of app permissions.
To protect yourself, follow these safety tips: