In a recent discovery, McAfee researchers have detected a concerning threat within the Android landscape, a sophisticated backdoor malware named ‘Xamalicious.’ Targeting approximately 327,000 devices, this insidious software made its way through deceptive apps lurking on the Google Play Store. Crafted using Xamarin, an open-source framework for developing Android and iOS apps with .NET and C#, Xamalicious employs social engineering to acquire accessibility privileges, as detailed in a recent blog post by the McAfee Mobile Research Team.
Once successful, the malware establishes a connection with a command-and-control server, determining whether to deploy a second-stage payload. This dynamic payload, injected as an assembly DLL at runtime, grants the attacker full control over the compromised device.
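Because the whole chain starts with a granted accessibility privilege, a quick defender-side check is to list which services currently hold it. The script below is an added example, not code from the McAfee report: it reads Android's `enabled_accessibility_services` secure setting (a colon-separated list of `package/ServiceClass` entries, `null` when empty) and flags any package outside an assumed allowlist; the allowlist, the `read_enabled_services` helper and the sample value are assumptions constructed for the example.

```shell
#!/bin/sh
# Assumed allowlist: packages expected to hold the accessibility privilege.
ALLOWED_PACKAGES="com.google.android.marvin.talkback"

# Read the live setting from a connected device (requires adb on PATH).
read_enabled_services() {
    adb shell settings get secure enabled_accessibility_services
}

# Print every enabled service whose package is not allowlisted.
# $1: the raw setting value. Returns 1 if anything was flagged, else 0.
flag_unexpected_services() {
    # An unset setting is reported as the literal string "null".
    [ "$1" = "null" ] && return 0
    flagged=0
    for entry in $(printf '%s' "$1" | tr ':' ' '); do
        pkg=${entry%%/*}            # strip "/ServiceClass" to get the package
        case " $ALLOWED_PACKAGES " in
            *" $pkg "*) ;;          # known, expected service
            *) echo "UNEXPECTED accessibility service: $entry"; flagged=1 ;;
        esac
    done
    return $flagged
}

# Constructed sample: TalkBack plus a hypothetical third-party app holding the privilege.
SAMPLE="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.suspicious/.AccessService"
```

Run against a real device with `flag_unexpected_services "$(read_enabled_services)"`; a non-zero exit means a service outside the allowlist is enabled and should be reviewed.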
Potential Ramifications
The ramifications of this backdoor are severe, potentially leading to unauthorized activities such as ad clicks, app installations, and other financially motivated actions without the user’s knowledge or consent. The second-stage payload, armed with powerful accessibility services obtained in the initial stage, can take complete control of the infected device. This includes functions for self-updating the main APK, opening the door to various activities, ranging from spyware to banking trojans, all without requiring user interaction.
The report disclosed that the Xamalicious malware was discovered in 14 compromised apps, three of which had already amassed 100,000 installations each before being swiftly removed from the Play Store. While these apps are no longer accessible, users who may have inadvertently downloaded them are strongly urged to delete the applications from their devices immediately.
Noteworthy applications affected by Xamalicious include Essential Horoscope for Android, 3D Skin Editor for PE Minecraft, and Logo Maker Pro, each with 100,000 installs. Furthermore, Auto Click Repeater, Count Easy Calorie Calculator, Dots: One Line Connector, and Sound Volume Extender, with between 5,000 and 10,000 installations each, have also been identified as carriers of the malware.
For users with these apps on their devices, swift uninstallation is strongly recommended to mitigate potential security risks linked to the Xamalicious malware. Stay vigilant to protect your Android device from this emerging threat.