At the end of this year, there will be another batch of malicious Android apps that you need to remove from your smartphone as soon as possible.
The McAfee Mobile Research team reports that Xamalicious is available on Google Play and third-party app stores because it is “implemented in Xamarin, an open-source framework that lets you build Android and iOS apps using .NET and C#.” I found an app infected with malware.
Once installed, the malicious app “attempts to gain accessibility privileges using social engineering and then evaluates whether to contact a command and control server to download a second stage payload.” Once the stage’s payload is installed, it will gain complete control over the device and “could potentially perform all kinds of activities, including spyware and banking Trojans, without user interaction,” McAfee said. says Mr.
These apps can also install other apps or click on ads without your consent. For example, the Cash Magnet app automatically clicks on ads and installs the app to fraudulently generate revenue. Users believe they are earning points that can be redeemed as retail gift cards.
“This means that the developers behind these threats have financial motivations and are promoting ad fraud. Therefore, this could be one of the main payloads of Xamalicious. ,” McAfee said.
McAfee identified 25 apps containing this threat, 13 of which were distributed on Google Play dating back to 2020. “The use of the Xamarin framework allows a malware author to continue operating undetected for long periods of time, and the benefit of her APK file build process is that it acts as a packer to hide malicious code.
“Malware authors also implemented various obfuscation techniques and custom encryption to leak data and communicate with command and control servers,” McAfee added.
Editor’s picks
McAfee estimates that these apps may have compromised 327,000 devices from Google Play, in addition to downloads from third-party markets. Most of the Xamalicious activity was detected in the United States, Brazil, and Argentina, but infections were also reported in the United Kingdom, Spain, and Germany.
After McAfee reported the app, Google removed it from Google Play. However, it may still be installed on your device. In that case, you should remove it immediately. This is the complete list of apps (and their package names) that were once on Google Play, along with the number of downloads they received.
-
Essential horoscope for Android (om.anomenforyou.essentialhorscope) – 100,000 downloads
-
3D Skin Editor for PE Minecraft (com.littleray.skineditorforpeminecraft) – 100,000
-
logo maker pro (com.vyblystudio.dotslinkpuzzles) – 100,000
-
autoclick repeater (com.autoclickrepeater.free) – 10,000
-
Count easy calorie calculator (com.lakhinstudio.counteasycalculator) – 10,000
-
volume extender (com.muranogames.easyworkoutsathome) – 5,000
-
Letter link (com.regaliusgames.llinkgame) – 1,000
-
Numerology: Personal horoscope and number predictions (com.Ushak.NPHOROSCOPENUMBER) – 1,000
-
Step Keeper: Easy pedometer (com.browgames.stepkeepereasymeter) – 500
-
track your sleep (com.shvetsStudio.trackYourSleep) – 500
-
volume booster (com.devapps.soundvolumebooster) – 100
-
Astrology Navigator: Daily Horoscopes and Tarot (com.Osinko.HorscopeTaro) – 100
-
universal calculator (com.Potap64.universalcalculator) – 100
Like what you’re reading?
Apply security watch A newsletter that delivers the top privacy and security articles straight to your inbox.
This newsletter may contain advertisements, deals or affiliate links. By subscribing to our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe from the newsletter at any time.