Android Malware Alert – 14 Apps, 338,300 Devices Affected, Act Now
A recent discovery by McAfee researchers has unveiled a novel Android backdoor malware dubbed 'Xamalicious,' infiltrating around 338,300 devices through deceptive apps on the Google Play Store. This malicious software was detected in 14 apps, with three of them accumulating 100,000 installations each before being removed from the Play Store. Despite their removal, users who inadvertently installed these apps are urged to delete them promptly.
While the affected apps have been removed from the official app store, users who installed them since mid-2020 may still harbour active Xamalicious infections on their devices. Consequently, individuals are advised to manually inspect and clean up their devices, scrutinizing for any suspicious settings or unfamiliar apps.
Some of the widely installed Android apps affected by Xamalicious include:
- Essential Horoscope for Android (100,000 installs)
- 3D Skin Editor for PE Minecraft (100,000 installs)
- Logo Maker Pro (100,000 installs)
- Auto Click Repeater (10,000 installs)
- Count Easy Calorie Calculator (10,000 installs)
- Dots: One Line Connector (10,000 installs)
- Sound Volume Extender (5,000 installs)
Apart from the Google Play Store, an additional group of 12 malicious apps carrying the Xamalicious threat circulates on unauthorized third-party app stores, impacting users through APK file downloads.
Xamalicious, characterized as an Android backdoor, stands out for its reliance on the.NET framework and integration into apps developed using the open-source Xamarin framework. This unique feature poses a challenge for cybersecurity experts engaged in code analysis. Once installed, Xamalicious seeks Accessibility Service access, allowing it to execute privileged operations such as navigation gestures, hide on-screen elements, and acquire additional permissions.
Post-installation, the malware communicates with a Command and Control (C2) server to fetch the second-stage DLL payload ('cache.bin'). This retrieval is conditional on meeting specific criteria, including geographical location, network conditions, device configuration, and root status.
Android users are strongly encouraged to inspect their devices for signs of Xamalicious infections, even if they have uninstalled the implicated apps. Utilizing reputable antivirus software for manual cleanup and regular device scanning is recommended to ensure protection against such malware threats.