Within a few hours, millions of you will be unwrapping your shiny new smartphone, courtesy of Santa Claus. This is a timely reminder of the need for us all to take responsibility. Google and Apple keep us safe.
Days after millions of Android users were warned to check their devices for apps laced with the dangerous ‘SpyLoan’ malware, a new backdoor named “Xamalicious” is being distributed through multiple apps on Google’s official Play Store.
“The Android/Xamalicious Trojan is an app related to health, gaming, horoscopes, and productivity,” McAfee warned in a report published just as the holiday period began. Google removed the apps from its store before the report was released, but McAfee warned Android users that “most of these apps are still available for download on third-party marketplaces.”
These apps are designed to trick users into agreeing to requests for accessibility permissions, which allow the app to control device features that would normally be locked down. Of all the warnings embedded in this report, this one is the most worrying.
This is the second such accessibility warning for Android users in a week. The other is the re-emergence of the Chameleon Trojan that triggers HTML pages. The Trojan once again tricks users into agreeing to accessibility requests, bypassing Android’s new and improved “restricted settings,” and in this case compromising the device’s biometric security and stealing financial information.
“Manipulating accessibility settings and launching dynamic activities further emphasizes that the new Chameleon is a sophisticated Android malware strain,” warns ThreatFabric, which identified this iteration. However, we want to be clear that it remains harmless unless users unlock the door for that sophisticated malware to infect their devices.
When it comes to Xamalicious, here are the Play Store apps that you should remove immediately. Please note that when Google bans an app from the store, it does not remove the app from your device. And while the number of downloads that prompted this warning is still in the hundreds of thousands, not millions, installs from third-party stores are likely to be even higher, especially for those who are skating on thin ice.
Xamalicious apps:
- Essential Horoscope for Android
- 3D Skin Editor for PE Minecraft
- Logo Maker Pro
- Autoclick Repeater
- Count Easy Calorie Calculator
- Volume Extender
- Letter Link
- Numerology: Personal Horoscope and Number Predictions
- Step Keeper: Easy Pedometer
- Track Your Sleep
- Volume Booster
- Astrology Navigator: Daily Horoscopes and Tarot
- Universal Calculator
Xamalicious takes a simpler approach to acquiring privileges and using them to facilitate communication with command and control servers. When you install Xamalicious, it sends all the device information (hardware, OS, installed apps, location, network) necessary to determine if an attack is likely to yield results. At this stage, you will be prompted to download and install malicious code that will be used to control your device and trigger background activities.
The newly discovered Chameleon variant takes a different approach by presenting itself to users as a Google Chrome app, but with the same accessibility permission abuse that facilitates account and device takeover. This Trojan can stop the device from requesting biometric authentication and instead ask for a PIN, allowing the attacker to steal account credentials. “The victim’s biometric data remains inaccessible, but the device is forced to fall back to PIN authentication, completely bypassing biometric protection,” ThreatFabric explains.
Full details of the attacks can be found in the reports (1, 2), but in reality these details are much less important than the social engineering that both Trojans rely on to attack devices. In reality, if you’re likely to grant accessibility privileges to your horoscope or calorie counting app, you’re unlikely to notice any other signs of compromise on your smartphone.
As Google warns Android users, “Harmful apps may require changes to settings that put your device or data at risk. To protect you from harmful apps, some device settings may at times be restricted when you install apps. These restricted settings cannot be changed unless you allow the restricted settings.”
So the solution here is very simple. Never give such permissions to any app unless it’s from a good brand like Apple, Google, or Microsoft, and unless such access is logically necessary, given limited movement or sensation, when using such an app.
Google is much more open than Apple when it comes to allowing apps on its devices and making them available outside of its official store. A less locked-down approach than Apple’s opens the (back)door to more malware on the Play Store than on Apple’s App Store.
It all comes down to user choice in Google’s mind. “We are trying to strike a balance. We believe in choice,” Sundar Pichai explained last month. But such choices come with responsibility. That involves being careful and aware of the access requested by apps, but it also influences the nature of the apps you allow on your smartphone and, by extension, the nature of the apps you allow into your life in the first place.
My advice to Android users is to check this regularly. In Settings, tap Privacy, then tap Accessibility Special Access. Make sure you’re familiar with the apps listed, and if you’re not, tap the app to remove access. You can also check other permissions you have granted on the same Settings screen. An occasional clean-up is always worthwhile. You never know what has found its way in there.
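The same check can be run from a computer over adb. The following is an added example, not part of the original article or of any vendor tooling: it parses the output of two stock adb commands and lists every user-installed app that holds an enabled accessibility service. The com.example.* package names and the trusted-installer set are assumptions made for illustration.

```python
# Inputs are the raw text output of two stock adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only
# Constructed sample data; the com.example.* packages are made up.
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.horoscope/.core.HelperService:"
    "com.example.volume/com.example.volume.BoostService"
)
SAMPLE_PACKAGES = """\
package:com.example.horoscope  installer=null
package:com.example.volume  installer=com.android.vending
package:com.example.notes  installer=com.android.vending
"""

def parse_services(setting):
    """Split the colon-separated 'package/class' list into (pkg, cls) pairs."""
    setting = setting.strip()
    if setting in ("", "null"):  # an unset setting prints the word "null"
        return []
    pairs = []
    for comp in setting.split(":"):
        pkg, _, cls = comp.partition("/")
        pairs.append((pkg, pkg + cls if cls.startswith(".") else cls))
    return pairs

def parse_installers(listing):
    """Map each listed package to its installer (None if none is recorded)."""
    installers = {}
    for line in listing.splitlines():
        if line.startswith("package:"):
            name, _, rest = line[len("package:"):].strip().partition(" ")
            inst = (rest.partition("installer=")[2].split() or ["null"])[0]
            installers[name] = None if inst == "null" else inst
    return installers

def audit(setting, listing):
    """Flag user-installed apps that hold an enabled accessibility service."""
    installers = parse_installers(listing)
    findings = []
    for pkg, cls in parse_services(setting):
        if pkg in installers:  # absent from the -3 list means preinstalled
            src = installers[pkg]
            level = "review" if src in TRUSTED_INSTALLERS else "outside-play"
            findings.append((level, pkg, cls, src))
    return findings

print(audit(SAMPLE_SERVICES, SAMPLE_PACKAGES))
```

Apps installed from the Play Store are still listed for review, since the Xamalicious apps named above were distributed there.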
Your smartphone can potentially give access to your financial accounts, work email, and private thoughts and messages. It knows where you live and work, who you like and don’t like, and even about your children and school. It may be tempting to install a flashlight or AI aging app, but each app you install increases the risk of a breach. Take a moment to think about whether you need an app and what it actually needs to know when it requests access to data or device features.