Arecent discovery by McAfee researchers has reveal a new Android backdoor malware call as ‘Xamalicious‘ infecting approximately 338,300 devices through malicious apps on the Google Play Store.
This malware was found in 14 affected apps, three of which had 100,000 installs each before being remove from the Google Play Store.
But they won’t be visible in the Google Play Store, those who have accidentally install them on phones should delete them asap.
As the affected apps have taken down from the app store, users who install them since mid-2020 may still have active Xamalicious affections on their devices.
So users are advise to manually clean up their devices.
People can check if there are unwanted apps or any sort of setting or anything that looks suspicious to you should get remove from your smartphone.
Some of the widely install Xamalicious-affected Android apps are as follows :
- Essential Horoscope for Android (with 100,000 installs)
- 3D Skin Editor for PE Minecraft (with 100,000 installs)
- Logo Maker Pro (with 100,000 installs)
- Auto Click Repeater (with 10,000 installs)
- Count Easy Calorie Calculator (with 10,000 installs)
- Dots: One Line Connector (with 10,000 installs)
- Sound Volume Extender (with 5,000 installs)
In addition to the apps on Google Play Store, a separate group of 12 malicious apps having the Xamalicious threat is circulating on unauthorize third-party app stores, affecting users through APK file downloads, as per report.
Xamalicious, an Android backdoor, is distinctive for being based on the.NET framework and integrate into apps develop using the open-source Xamarin framework.
This feature presents a heightened challenge for cybersecurity experts conducting code analysis.
After installation, Xamalicious seeks access to the Accessibility Service, enabling it to perform privilege operations such as executing navigation gestures, concealing on-screen elements, and obtaining additional permissions.
After installation, the malware initiates communication with a Command and Control (C2) server to retrieve the second-stage DLL payload (‘cache.bin’).
This retrieval is contingent on meeting specific criteria, including geographical location, network conditions, device configuration, and root status.
Android users are advise to check their devices for any signs of Xamalicious infections, even if they have uninstall the implicate apps.
It is better to use a antivirus software for manual clean-up and regular device scanning is recommend to ensure protection against such malware threats.
