A new Android malware family named ‘Xamalicious’ has emerged, reaching an estimated 338,300 devices through malicious apps distributed on the Google Play Store. Researchers from McAfee found the malware in 14 apps, three of which had accumulated over 100,000 installs each before Google removed them from the Play Store. Removal from the store does not clean devices that already have the apps: users who installed any of them since mid-2020 may still have an active infection and are urged to uninstall them immediately.
The affected apps include:
Essential Horoscope for Android (100,000 installs)
3D Skin Editor for PE Minecraft (100,000 installs)
Logo Maker Pro (100,000 installs)
Auto Click Repeater (10,000 installs)
Count Easy Calorie Calculator (10,000 installs)
Dots: One Line Connector (10,000 installs)
Sound Volume Extender (5,000 installs)
In addition to the Play Store, another set of 12 malicious apps carrying the Xamalicious threat circulates on unauthorized third-party app stores, affecting users through APK file downloads.
Xamalicious, categorized as an Android backdoor, stands out for being .NET-based: it is built into apps developed with the open-source Xamarin framework, so its logic ships as .NET assemblies (DLLs) inside the APK rather than as Dalvik bytecode. Standard Android analysis tooling is built around Dalvik code, which makes Xamarin-based malware harder to triage and helps it evade detection. Upon installation, Xamalicious asks the user to grant it the Accessibility Service; with that grant it can perform privileged operations such as injecting navigation gestures, hiding on-screen elements, and obtaining additional permissions on the user's behalf.
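Because the Accessibility grant is the capability that gives this backdoor its reach, one practical check is to list which apps currently hold it and flag any package you did not deliberately enable. The script below is an added example, not code from the original article or from McAfee's research: it parses the colon-separated value of Android's secure setting `enabled_accessibility_services` (on a real device, obtained with `adb shell settings get secure enabled_accessibility_services`) and reports packages absent from a trusted allowlist. The sample value and the allowlist are constructed for offline use; `com.example.horoscope` is a hypothetical package name, not one tied to the apps above.

```shell
#!/bin/sh
# Added example: flag accessibility services held by packages that are
# not on a trusted allowlist.
#
# On a real device the setting value comes from:
#   adb shell settings get secure enabled_accessibility_services
# The value is a colon-separated list of "package/ServiceClass" entries,
# or "null" when no service is enabled.

# Constructed sample of the setting value (one legitimate screen reader,
# one hypothetical suspicious package).
SAMPLE='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.horoscope/com.example.horoscope.AccService'

# Hypothetical allowlist: packages you expect to hold accessibility access.
ALLOWLIST='com.google.android.marvin.talkback com.android.settings'

# Print, one per line, the packages of enabled accessibility services that
# are not on the allowlist. Prints nothing when the value is empty or "null".
# Usage: suspicious_accessibility_services "<setting value>"
suspicious_accessibility_services() {
    value=$1
    if [ -z "$value" ] || [ "$value" = "null" ]; then
        return 0
    fi
    # Split entries on ':' and keep only the package part before '/'.
    printf '%s\n' "$value" | tr ':' '\n' | while IFS= read -r entry; do
        pkg=${entry%%/*}
        allowed=0
        for a in $ALLOWLIST; do
            if [ "$a" = "$pkg" ]; then
                allowed=1
            fi
        done
        if [ "$allowed" -eq 0 ]; then
            printf '%s\n' "$pkg"
        fi
    done
}

# Stand-alone run against the constructed sample.
suspicious_accessibility_services "$SAMPLE"
```

A package that appears in this output and is not a screen reader, automation tool or similar app you installed on purpose deserves a closer look; revoking its accessibility access and uninstalling it removes the capability the backdoor relies on.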
After installation, the malware contacts a command-and-control (C2) server to retrieve its second-stage payload, a DLL named ‘cache.bin’. The server delivers it only to devices meeting criteria set by the operators, including geographical location, network conditions, device configuration, and root status, which keeps the payload away from many sandboxes and analysts.
Android users are strongly advised to check their devices for a Xamalicious infection even after uninstalling the implicated apps, and to review which apps hold Accessibility Service access. Running a reputable mobile security product for manual clean-up and conducting regular device scans is recommended for protection against this kind of malware.
Note: Users should remain cautious when downloading apps, even from official stores, and should treat any app that asks for Accessibility Service access without an obvious need for it as a warning sign.