New Delhi, Dec 28 – Researchers have discovered a new Android malware called ‘Xamalicious’, which has infected over 330,000 devices through malicious apps on Google Play. Security software company McAfee identified 14 infected apps on Google Play, three of which had over 100,000 installs each. Although the apps have been removed from the platform, users who downloaded them since mid-2020 may still have active infections on their phones, requiring manual cleanup and scanning. Additionally, 12 other malicious apps carrying the Xamalicious threat are being distributed through unofficial third-party app stores.
The majority of infections were found on devices in the United States, Germany, Spain, the UK, Australia, Brazil, Mexico, and Argentina, according to McAfee’s telemetry data. Xamalicious is a .NET-based Android backdoor that is disguised as ‘Core.dll’ and ‘GoogleService.dll’ within apps built with the open-source Xamarin framework. Packaging the malicious code this way makes it more difficult to analyze. Upon installation, it requests Accessibility Service access, granting it the ability to perform privileged operations and obtain further permissions. The malware then contacts a command and control (C2) server to retrieve a second-stage DLL payload (‘cache.bin’) if specific geographical, network, device configuration, and root status requirements are met.
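As an added illustration (not McAfee's tooling and not code from the original report), the Python sketch below triages an APK for the two assembly names mentioned above. It assumes the classic Xamarin.Android layout, with the Mono runtime at `lib/<abi>/libmonodroid.so` and managed DLLs under `assemblies/`; the function names are hypothetical and the sample APK is constructed in memory.

```python
import io
import zipfile

# DLL names the article says Xamalicious hides behind.
SUSPECT_DLLS = {"core.dll", "googleservice.dll"}


def triage_apk(apk_bytes):
    """Return (is_xamarin, sorted suspect assembly paths) for an APK given as bytes."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = apk.namelist()
    # Assumption: classic Xamarin.Android layout. Newer builds may pack the
    # DLLs into a single blob, which this name-based check will not see.
    is_xamarin = any(
        n.startswith("lib/") and n.endswith("/libmonodroid.so") for n in names
    )
    hits = sorted(
        n for n in names
        if n.startswith("assemblies/")
        and n.rsplit("/", 1)[-1].lower() in SUSPECT_DLLS
    )
    return is_xamarin, hits


def verdict(apk_bytes):
    """'review' when a Xamarin app ships a suspect-named assembly, else 'no-match'."""
    is_xamarin, hits = triage_apk(apk_bytes)
    # These names are generic, so a match is a triage hint for manual
    # analysis, not proof of infection.
    return "review" if is_xamarin and hits else "no-match"


def build_sample_apk(entries):
    """Constructed sample: an in-memory zip holding only the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in entries:
            z.writestr(name, b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_apk([
        "AndroidManifest.xml",
        "lib/arm64-v8a/libmonodroid.so",
        "assemblies/Core.dll",
        "assemblies/GoogleService.dll",
    ])
    print(verdict(sample), triage_apk(sample)[1])
```

A "review" result only queues the package for closer inspection; the second-stage ‘cache.bin’ payload is fetched at runtime, so it will not appear in the APK itself.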
“It’s concerning to see such a large number of users affected by this Android malware,” said a spokesperson from McAfee. “We urge users to be cautious when downloading apps from unofficial sources and ensure they have reliable security software installed on their devices.”
The malicious apps with the highest number of installs include Essential Horoscope for Android, 3D Skin Editor for PE Minecraft, and Logo Maker Pro, each with 100,000 installs. Other infected apps include Auto Click Repeater, Count Easy Calorie Calculator, Dots: One Line Connector, and Sound Volume Extender, with varying install numbers.
Users are advised to be vigilant and cautious when downloading apps, especially from unofficial sources. It is crucial to have reputable security software installed on devices to detect and protect against such threats.
As the popularity of Android devices continues to rise, it is imperative that users remain vigilant and adopt secure practices to safeguard their personal information and devices from malicious actors.
In conclusion, the Xamalicious Android backdoor has compromised hundreds of thousands of devices through infected apps on Google Play. Despite the removal of these apps, users who downloaded them since mid-2020 may still have active infections that require manual cleanup. It is essential for users to exercise caution when downloading apps and prioritize the security of their devices to mitigate the risk of malware infections.