Rogue apps alert: Xamalicious strikes Google Play, affects 338,300 devices
There is a new threat to Android devices - Xamalicious. McAfee researchers unveil a backdoor malware infecting 338,300 devices via malicious Google Play Store apps.

Highlights
- New Android malware, Xamalicious, has infected 338,000 devices
- The malware has been discovered by McAfee researchers
- Xamalicious stands out by being based on the .NET framework
In the evolving landscape of cybersecurity, a recent discovery by McAfee researchers has sent shockwaves through the Android community. Xamalicious, a newly identified Android backdoor malware, has infected approximately 338,300 devices via malicious apps on the Google Play Store.
Malicious apps
Xamalicious was found embedded in 14 affected apps, with three accumulating a staggering 100,000 installs each before their removal from the Google Play Store. Despite their removal, users who inadvertently installed these apps since mid-2020 might still harbor Xamalicious on their devices.
Widely installed Xamalicious-affected Android apps
- Essential Horoscope for Android (100,000 installs)
- 3D Skin Editor for PE Minecraft (100,000 installs)
- Logo Maker Pro (100,000 installs)
- Auto Click Repeater (10,000 installs)
- Count Easy Calorie Calculator (10,000 installs)
- Dots: One Line Connector (10,000 installs)
- Sound Volume Extender (5,000 installs)
Unauthorised third-party app stores
Beyond the Google Play Store, 12 malicious apps with the Xamalicious threat circulate on unauthorised third-party app stores. According to media reports, users are exposed to them through APK file downloads.
Unique characteristics of Xamalicious
Xamalicious stands out by being based on the .NET framework (a developer platform for building many different types of applications) and integrated into apps developed using the open-source Xamarin framework. This unique feature poses challenges for cybersecurity experts engaged in code analysis.
Modus operandi of Xamalicious
Upon installation, Xamalicious seeks access to the accessibility service, enabling it to execute navigation gestures, conceal on-screen elements, and acquire additional permissions. Subsequently, the malware communicates with a Command and Control (C2) server to retrieve the second-stage DLL payload ('cache.bin') based on specific criteria.
Protecting your device against Xamalicious
Users are strongly advised to manually check their devices for signs of Xamalicious infections. Even if the implicated apps have been uninstalled, the risk persists. Look for unwanted apps or suspicious settings and promptly remove them from your smartphone.
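One way to do part of this manual check from a computer, as an added example that is not from McAfee or the original article: the script lists user-installed apps that currently hold an enabled accessibility service, the access Xamalicious requests after installation. It assumes adb is installed and USB debugging is authorised on the phone; the package names in the sample data are constructed placeholders, not real indicators.

```sh
#!/bin/sh
# Added example: report user-installed apps that hold an enabled
# accessibility service, the capability Xamalicious asks for on install.
# A hit is a prompt for manual review, not proof of infection.

# Constructed sample data (placeholder package names, not real indicators).
SAMPLE_A11Y='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.clicker/.TapService'
SAMPLE_PKGS='package:com.example.clicker
package:com.example.notes'

# $1: value of the enabled_accessibility_services setting, a colon-separated
# list of "package/ServiceClass" entries ("null" or empty when none is enabled).
a11y_packages() {
    printf '%s\n' "$1" | tr -d '\r' | tr ':' '\n' | sed 's#/.*$##' |
        grep -v -e '^$' -e '^null$' | sort -u
}

# $1: output of "pm list packages -3" (user-installed apps only).
third_party_packages() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^package://p' | sort -u
}

# Print each package that appears in both lists.
flag_third_party_a11y() {
    third=$(third_party_packages "$2")
    for pkg in $(a11y_packages "$1"); do
        if printf '%s\n' "$third" | grep -Fxq -- "$pkg"; then
            printf '%s\n' "$pkg"
        fi
    done
}

if [ "${1:-}" = "--device" ]; then
    # Live mode: assumes adb is installed and USB debugging is authorised.
    flag_third_party_a11y \
        "$(adb shell settings get secure enabled_accessibility_services)" \
        "$(adb shell pm list packages -3)"
else
    flag_third_party_a11y "$SAMPLE_A11Y" "$SAMPLE_PKGS"   # sample run
fi
```

Run it with `--device` to query a connected phone; without arguments it runs on the constructed sample. Any app it prints that you do not recognise or did not deliberately grant accessibility access is a candidate for removal.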
Antivirus software: A shield against Xamalicious
To fortify your device against malware threats, employing reputable antivirus software is crucial. Regular manual clean-up and device scanning are recommended practices for ensuring ongoing protection.
In the face of the Xamalicious threat, knowledge is the first line of defense. Stay informed, take proactive measures, and prioritise the security of your Android device. Regularly scan for potential infections, use reliable antivirus software, and remain vigilant against emerging threats in the dynamic world of cybersecurity.