McAfee researchers recently discovered a new Android backdoor virus called ‘Xamalicious,’ which infected around 338,300 devices via malicious applications on the Google Play Store.
The virus was discovered in 14 applications, three of which had over 100,000 downloads before being removed from the Google Play Store. Although the apps no longer appear in the Play Store, users who have already installed them on their phones should uninstall them immediately.
While the affected applications have been removed from the app store, anyone who installed them after mid-2020 may still have Xamalicious malware running on their devices.
As a result, users are advised to clean their devices manually. Inspect your smartphone for any unwanted applications, settings, or anything else that appears suspicious.
The following are some of the most popular Xamalicious-affected Android apps:
- Essential Horoscope for Android (100,000 installs)
- 3D Skin Editor for PE Minecraft (100,000 installs)
- Logo Maker Pro (100,000 installs)
- Auto Click Repeater (10,000 installs)
- Count Easy Calorie Calculator (10,000 installs)
- Dots: One Line Connector (10,000 installs)
- Sound Volume Extender (5,000 installs)
Aside from the applications that were available on Google Play, a separate set of 12 malicious apps containing the Xamalicious threat is spreading on unofficial third-party app stores, impacting users via APK file downloads, according to ANI.
The Android backdoor Xamalicious is notable for being built on the .NET framework and embedded in apps built with the open-source Xamarin platform. This makes code analysis more difficult for cybersecurity specialists.
Upon installation, Xamalicious attempts to gain access to the Accessibility Service, which allows it to carry out privileged actions such as performing navigation gestures, hiding on-screen elements, and granting itself further permissions.
Following installation, the malware contacts a Command and Control (C2) server to retrieve the second-stage DLL payload (‘cache.bin’). This retrieval is conditional on certain parameters, such as geographical location, network conditions, device configuration, and root status.
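A defender can use the two traits described above (a Xamarin build and an enabled Accessibility Service) to shortlist apps for manual review. The following is an added example, not code from McAfee or the original article; the package names and APK contents are constructed, and it assumes the APKs and the `enabled_accessibility_services` setting were already collected from the device with adb.

```python
import io
import zipfile

# Native libraries of the Mono runtime that Xamarin.Android apps bundle.
MONO_LIBS = {"libmonodroid.so", "libmonosgen-2.0.so"}

def is_xamarin_apk(apk_bytes):
    """True if the APK (a ZIP archive) ships Mono runtime libs or .NET assemblies."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return any(name.startswith("assemblies/")
                   or name.rsplit("/", 1)[-1] in MONO_LIBS
                   for name in apk.namelist())

def accessibility_packages(settings_value):
    """Parse the output of
    `adb shell settings get secure enabled_accessibility_services`:
    a colon-separated list of package/component names, or 'null' if none."""
    value = settings_value.strip()
    if value in ("", "null"):
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}

def triage(apks, settings_value):
    """apks maps package name -> APK bytes pulled from the device.
    Returns packages that are Xamarin-built AND hold an enabled accessibility service."""
    enabled = accessibility_packages(settings_value)
    return sorted(p for p, data in apks.items()
                  if p in enabled and is_xamarin_apk(data))

def _make_apk(names):
    """Build a tiny in-memory APK-like ZIP (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, b"")
    return buf.getvalue()

# Constructed sample input: hypothetical package names, empty placeholder files.
SAMPLE_APKS = {
    "com.example.horoscope": _make_apk(
        ["classes.dex", "lib/arm64-v8a/libmonodroid.so", "assemblies/Core.dll"]),
    "com.example.notes": _make_apk(["classes.dex", "lib/arm64-v8a/libnative.so"]),
    "com.example.xamarinok": _make_apk(["classes.dex", "assemblies/App.dll"]),
}
SAMPLE_SETTINGS = "com.example.horoscope/.Svc:com.example.notes/com.example.notes.A11y\n"

if __name__ == "__main__":
    print(triage(SAMPLE_APKS, SAMPLE_SETTINGS))
```

A match is only a lead for review: legitimate Xamarin apps can also use accessibility services.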
Android users are urged to check their devices for any signs of Xamalicious infection, even if the affected applications have been deleted. To guard against such malware threats, it is preferable to use a reputable antivirus program for the manual clean-up, and regular device scanning is recommended.