Xamalicious Android Malware: The New Android Threat Lurking in Popular Apps
In a recent alarming discovery, cybersecurity researchers at McAfee have unearthed a new Android backdoor malware named ‘Xamalicious.’ This digital menace has quietly infected around 338,300 devices through seemingly harmless apps on the Google Play Store. Brace yourselves as we delve into the details.
The Sneaky Culprit
Xamalicious was uncovered within 14 apps, three of which had already racked up a whopping 100,000 installs each before Google took swift action and removed them from the Play Store. But the threat doesn’t end there: if you inadvertently installed any of these apps since mid-2020, the danger might still be lurking on your device.
Silent Infiltration
The affected apps might be gone from the Play Store, but their impact persists for those who fell victim to their charms. Users are now urged to manually clean up their devices. Check for any unfamiliar apps or suspicious settings and bid them farewell from your smartphone.
The Hit List
Here are some of the notorious apps to watch out for:
- Essential Horoscope for Android (100,000 installs)
- 3D Skin Editor for PE Minecraft (100,000 installs)
- Logo Maker Pro (100,000 installs)
- Auto Click Repeater (10,000 installs)
- Count Easy Calorie Calculator (10,000 installs)
- Dots One Line Connector (10,000 installs)
- Sound Volume Extender (5,000 installs)
Beyond the Play Store
The threat extends beyond the official Google Play Store: an additional 12 malicious apps carrying Xamalicious are circulating on unauthorized third-party app stores. Users who sideload APK files from such sources are exposed to the same risk, which makes staying within official app repositories the safer choice.
Xamalicious Unveiled
What sets Xamalicious apart is its foundation on the .NET framework: it is embedded in apps built with the open-source Xamarin framework, which makes its code harder for security researchers to analyze. Once inside a device, Xamalicious seeks Accessibility Service access, which lets it perform privileged operations such as navigation gestures and acquiring additional permissions.
The Dark Symphony
After installation, the malware establishes communication with a Command and Control (C2) server to fetch a second-stage DLL payload known as ‘cache.bin’. This exchange only takes place if a number of checks pass, including the device’s location, network conditions, device configuration, and root status.
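Because Xamalicious depends on Accessibility Service access, one practical clean-up check is to review which accessibility services are enabled on a device. The script below is an added example, not code from McAfee or from the article: it parses the value of the `enabled_accessibility_services` secure setting (as returned by `adb shell settings get secure enabled_accessibility_services`) and flags any service whose package is not on an allowlist. The allowlist and the sample setting value are constructed assumptions, and the flagged package name is a placeholder, not a real Xamalicious identifier.

```shell
# Value normally obtained from the device with:
#   adb shell settings get secure enabled_accessibility_services
# Constructed sample so the example runs offline; the second entry is a
# made-up placeholder, not an actual Xamalicious package name.
SAMPLE_SETTING='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.placeholder.app/com.example.placeholder.SvcA11y'

# Packages whose accessibility services you expect to see (assumed allowlist;
# adjust to your own fleet).
ALLOWLIST='com.google.android.marvin.talkback com.android.switchaccess'

# Print each enabled accessibility service whose package is not allowlisted.
# Usage: flag_unknown_services "<setting value>" "<space-separated allowlist>"
flag_unknown_services() {
    setting=$1
    allow=$2
    old_ifs=$IFS
    # The setting is a colon-separated list of "package/ServiceClass" entries.
    IFS=:
    set -- $setting
    IFS=$old_ifs
    for entry in "$@"; do
        [ -z "$entry" ] && continue
        pkg=${entry%%/*}          # package name is everything before the slash
        found=0
        for ok in $allow; do
            [ "$ok" = "$pkg" ] && found=1
        done
        [ "$found" -eq 0 ] && echo "$entry"
    done
    return 0
}

# Anything printed here deserves a closer look: an accessibility service you
# did not knowingly enable is a strong signal that clean-up is needed.
flag_unknown_services "$SAMPLE_SETTING" "$ALLOWLIST"
```

An empty result means every enabled service belongs to a package you trust; a non-empty one names the app to investigate and uninstall.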
Stay Vigilant
Android users are strongly advised to check their devices for signs of Xamalicious, even if the implicated apps have been uninstalled. Using reliable antivirus software for manual clean-up and regular device scans is recommended to ensure protection against such malicious threats.
In this era of digital threats, awareness is your best defense. Stay informed, stay safe.