Rogue apps alert: Xamalicious strikes Google Play, affects 338,300 devices

There is a new threat to Android devices - Xamalicious. McAfee researchers unveil a backdoor malware infecting 338,300 devices via malicious Google Play Store apps.

New Delhi, UPDATED: Dec 29, 2023 16:04 IST

Highlights

  • New Android malware, Xamalicious, has infected 338,000 devices
  • The malware has been discovered by McAfee researchers
  • Xamalicious stands out by being based on the .NET framework

In the evolving landscape of cybersecurity, a recent discovery by McAfee researchers has sent shockwaves through the Android community. Xamalicious, a newly identified Android backdoor malware, has infected approximately 338,300 devices via malicious apps on the Google Play Store.

Malicious apps

Xamalicious was found embedded in 14 affected apps, with three accumulating a staggering 100,000 installs each before their removal from the Google Play Store. Despite their removal, users who inadvertently installed these apps since mid-2020 might still harbor Xamalicious on their devices.

Widely installed Xamalicious-affected Android apps

  • Essential Horoscope for Android (100,000 installs)
  • 3D Skin Editor for PE Minecraft (100,000 installs)
  • Logo Maker Pro (100,000 installs)
  • Auto Click Repeater (10,000 installs)
  • Count Easy Calorie Calculator (10,000 installs)
  • Dots: One Line Connector (10,000 installs)
  • Sound Volume Extender (5,000 installs)

Unauthorised third-party app stores

Beyond the Google Play Store, 12 malicious apps carrying Xamalicious circulate on unauthorised third-party app stores. Users can be exposed by downloading and installing APK files, as per media reports.

Unique characteristics of Xamalicious

Xamalicious stands out by being based on the .NET framework (a developer platform for building many different types of applications) and by being integrated into apps developed using the open-source Xamarin framework. This unique feature poses challenges for cybersecurity experts engaged in code analysis.

Modus operandi of Xamalicious

Upon installation, Xamalicious seeks access to the accessibility service, enabling it to execute navigation gestures, conceal on-screen elements, and acquire additional permissions. Subsequently, the malware communicates with a Command and Control (C2) server to retrieve the second-stage DLL payload ('cache.bin') based on specific criteria.

Protecting your device against Xamalicious

Users are strongly advised to manually check their devices for signs of Xamalicious infections. Even if the implicated apps have been uninstalled, the risk persists. Look for unwanted apps or suspicious settings and promptly remove them from your smartphone.
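Because Xamalicious depends on the accessibility service, one concrete manual check is to list which user-installed apps currently hold it. The script below is an added example, not code from McAfee or from this article; it parses the output of the standard `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3` commands, and the package names in the sample data are constructed placeholders.

```python
import subprocess
import sys

# Constructed sample output; the package names are hypothetical placeholders.
SAMPLE_ENABLED = ("com.example.horoscope/com.example.horoscope.GestureService:"
                  "com.google.android.marvin.talkback/.TalkBackService")
SAMPLE_THIRD_PARTY = "package:com.example.horoscope\npackage:com.example.notes\n"

def parse_enabled_services(raw):
    """Split 'pkg/class:pkg/class' into (package, full class name) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":  # 'null' means the setting has no value
        return []
    pairs = []
    for component in raw.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg and cls:
            # A leading dot is shorthand for "<package><class>".
            pairs.append((pkg, pkg + cls if cls.startswith(".") else cls))
    return pairs

def parse_packages(raw):
    """Turn 'package:<name>' lines into a set of package names."""
    return {line.split(":", 1)[1].strip()
            for line in raw.splitlines() if line.startswith("package:")}

def services_to_review(enabled_raw, third_party_raw):
    """Enabled accessibility services that belong to user-installed apps."""
    third_party = parse_packages(third_party_raw)
    return [(p, c) for p, c in parse_enabled_services(enabled_raw)
            if p in third_party]

def adb_shell(*args):
    """Run one command on the connected device and return its stdout."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

if __name__ == "__main__":
    if "--device" in sys.argv:  # query a real device over adb
        enabled = adb_shell("settings", "get", "secure",
                            "enabled_accessibility_services")
        third = adb_shell("pm", "list", "packages", "-3")
    else:                       # offline run on the constructed samples
        enabled, third = SAMPLE_ENABLED, SAMPLE_THIRD_PARTY
    for pkg, cls in services_to_review(enabled, third):
        print(f"review: {pkg} holds accessibility service {cls}")
```

Any app listed here that has no genuine need for accessibility features is a candidate for having the permission revoked and the app removed.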

Antivirus software: A shield against Xamalicious

To fortify your device against malware threats, employing reputable antivirus software is crucial. Regular manual clean-up and device scanning are recommended practices for ensuring ongoing protection.

In the face of the Xamalicious threat, knowledge is the first line of defense. Stay informed, take proactive measures, and prioritise the security of your Android device. Regularly scan for potential infections, use reliable antivirus software, and remain vigilant against emerging threats in the dynamic world of cybersecurity.

Published on: Dec 29, 2023 16:04 IST
Posted by: sonu vivek, Dec 29, 2023 16:04 IST
