A recent discovery by McAfee researchers has revealed a new Android backdoor malware named ‘Xamalicious,’ infecting approximately 338,300 devices through malicious apps on the Google Play Store. The malware was found in 14 affected apps, three of which had amassed 100,000 installs each before being removed from the Google Play Store. While they won’t be visible in the Play Store, those who have accidentally installed them on phones should delete them immediately.
The affected apps have been taken down from the app store, and users who installed them since mid-2020 may still have active Xamalicious affections on their devices. Hence, users are advised to manually clean up their devices. People can check if there are unwanted apps or any sort of setting or anything that looks suspicious to you should get removed from your smartphone.
–
In addition to the apps on Google Play, a separate group of 12 malicious apps having the Xamalicious threat is circulating on unauthorized third-party app stores, affecting users through APK file downloads, ANI reported.
Xamalicious, an Android backdoor, is distinctive for being based on the.NET framework and integrated into apps developed using the open-source Xamarin framework. This feature presents a heightened challenge for cybersecurity experts conducting code analysis. Upon installation, Xamalicious seeks access to the Accessibility Service, enabling it to perform privileged operations such as executing navigation gestures, concealing on-screen elements, and obtaining additional permissions.
Following installation, the malware initiates communication with a Command and Control (C2) server to retrieve the second-stage DLL payload (‘cache.bin’). This retrieval is contingent on meeting specific criteria, including geographical location, network conditions, device configuration, and root status.
Android users are strongly advised to check their devices for any signs of Xamalicious infections, even if they have uninstalled the implicated apps. It is better to use a good antivirus software for manual clean-up and regular device scanning is recommended to ensure protection against such malware threats.
Understanding the Xamalicious Threat
Xamalicious operates like a secret “key” for attackers, offering them remote access to your phone. Once installed, it can potentially:
- Steal your sensitive data: Contacts, messages, call logs, financial information, passwords, and more are all vulnerable.
- Hijack your device: Imagine your phone making calls or sending texts without your knowledge – Xamalicious can do just that.
- Track your every move: Your browsing history, app usage, and even location data can be monitored, revealing your entire digital footprint.
- Spread like wildfire: The malware can potentially infect other devices connected to your phone, putting your network at risk.
Were You Affected?
List of 14 Apps widely installed Xamalicious-affected Android apps are as follows:
1)Essential Horoscope for Android (100,000 installs)
2)3D Skin Editor for PE Minecraft (100,000 installs)
3)Logo Maker Pro (100,000 installs)
4)Auto Click Repeater (10,000 installs)
5)Count Easy Calorie Calculator (10,000 installs)
6)Dots: One Line Connector (10,000 installs)
7)Sound Volume Extender (5,000 installs)
8)Letterlink(1000 Downloads)
9)Numerology:Personal Horoscope & Number Predictions(1000 Downloads)
10)Universal Calculator:(1000 Downloads)
11)Sound Volume Booster: (100 Downloads)
12)Track Your Sleep:(500 Downloads)
13)Step Keeper:Easy Pedometer(500 Downloads)
14)Astrological Navigator:Daily Horoscope & Tarot (100 Downloads)
However, beware – this list is not exhaustive. Even if you haven’t noticed any suspicious activity, taking precautions is essential.
Protecting Yourself from Xamalicious
- If you suspect Xamalicious might be lurking on your phone, act promptly:
- Uninstall any of the listed apps immediately. Don’t wait for symptoms; better safe than sorry.
- Run a thorough security scan using a reputable antivirus or anti-malware app. Be proactive in hunting down the threat.
- Change your passwords for all potentially breached accounts, including bank accounts, email, social media, and any other sensitive platforms.
- Report the app to Google Play Store by flagging it as “Suspicious activity.” Help protect others from falling victim.
- Stay Safe, Stay Informed
Cybersecurity threats constantly evolve, so we recommend taking these additional steps: - Download apps only from trusted sources: Stick to the official Google Play Store and avoid third-party app stores or shady websites.
- Verify app reviews and ratings: Before installing any app, check what other users are saying. Legitimate apps usually have positive reviews.
- Scrutinise app permissions: Don’t grant unnecessary access, especially to sensitive data like contacts or financial information.
- Keep your device and apps updated: Regularly update your Android OS and app versions to benefit from the latest security patches.
- Enable two-factor authentication: Add an extra layer of security to your sensitive accounts wherever possible.