The report revealed that the malware was found in 14 compromised apps, and three apps had already been installed 100,000 times each before being removed.
McAfee researchers have discovered a new threat in the Android ecosystem: a backdoor malware called “Xamalicious.” The malicious software affected approximately 338,300 devices and reached them through malicious apps in the Google Play Store.
According to the researchers, the backdoor was built using Xamarin, an open-source framework for building Android and iOS apps using .NET and C#. “Xamalicious attempts to gain accessibility privileges through social engineering,” the McAfee Mobile Research team said in a blog post.
Once successful, it connects to a command-and-control server to decide whether to download a second-stage payload, according to the researchers. This payload is dynamically injected as an assembly DLL at runtime, giving the malware complete control over the device.
Backdoors can lead to fraudulent activities such as clicking on ads, installing apps, and other financially motivated activities without the user’s consent.
The second-stage payload can take full control of the infected device because of the powerful accessibility services already granted in the first stage. It can also self-update the main APK, so it has the potential to perform all sorts of activities. According to the report, this makes it similar to spyware or banking Trojans that require no user interaction.
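A defender-side triage of the two traits described above (a user-installed app holding an accessibility service, and a Xamarin build that ships .NET assemblies), written as an added example that is not from the McAfee report. It assumes the inputs are the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3` plus APKs pulled from the device; all package names and sample data are constructed placeholders, and a match is a reason to review the app, not a verdict.

```python
import io
import zipfile

def accessibility_holders(setting):
    """Parse the colon-separated 'package/ServiceClass' list into {package: [classes]}."""
    holders = {}
    for comp in setting.strip().split(":"):
        if "/" not in comp:              # empty setting or the literal "null"
            continue
        pkg, cls = comp.split("/", 1)
        holders.setdefault(pkg, []).append(cls)
    return holders

def third_party(pm_output):
    """Package names from 'package:<name>' lines (user-installed apps)."""
    lines = (ln.strip() for ln in pm_output.splitlines())
    return {ln[len("package:"):] for ln in lines if ln.startswith("package:")}

def is_xamarin_apk(apk_bytes):
    """True if the APK carries the Mono runtime library or an assemblies/ store."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return any(n.startswith("assemblies/") or n.endswith("/libmonodroid.so")
                   for n in apk.namelist())

def triage(setting, pm_output, apks):
    """(package, services, xamarin_built) for each user-installed accessibility holder."""
    user = third_party(pm_output)
    return [(pkg, svcs, pkg in apks and is_xamarin_apk(apks[pkg]))
            for pkg, svcs in sorted(accessibility_holders(setting).items())
            if pkg in user]

def fake_apk(names):
    """Build a constructed in-memory APK (a ZIP) holding empty entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        for name in names:
            apk.writestr(name, b"")
    return buf.getvalue()

# Constructed sample data; package names are placeholders, not real indicators.
SETTING = "com.example.appone/.HelperService:com.example.screenreader/.ReaderService"
PM_OUTPUT = "package:com.example.appone\npackage:com.example.notes\n"
APKS = {
    "com.example.appone": fake_apk(["classes.dex", "assemblies/Core.dll",
                                    "lib/arm64-v8a/libmonodroid.so"]),
    "com.example.notes": fake_apk(["classes.dex", "res/layout/main.xml"]),
}

if __name__ == "__main__":
    for row in triage(SETTING, PM_OUTPUT, APKS):
        print(row)
```

Many legitimate apps are built with Xamarin, so the flag only narrows which accessibility holders to inspect first.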
The report revealed that the malware was found in 14 compromised apps, and three apps had already been installed 100,000 times each before being removed from the Play Store. Although these apps are no longer accessible from the Store, users who may have installed them unintentionally are advised to immediately remove the applications from their phones.
The Xamalicious malware affects several Android apps, with notable installs in widely used applications such as Essential Horoscope for Android, 3D Skin Editor for PE Minecraft, and Logo Maker Pro, each with a cumulative total of 100,000 installs. In addition, Auto Click Repeater, Easy Counting Calorie Calculator, Dot: One Line Connector, and Sound Volume Extender have 5,000 to 10,000 confirmed installations.
We recommend that users who have these apps installed on their devices uninstall them immediately to avoid potential security risks associated with Xamalicious malware.