In a recent discovery, McAfee researchers detected a concerning threat in the Android ecosystem: a sophisticated backdoor malware named ‘Xamalicious.’ This software targeted around 327,000 devices and introduced malicious apps hidden in the Google Play Store. Built using Xamarin, an open source framework for developing Android and iOS apps in .NET and C#, Xamalicious uses social engineering to gain accessibility privileges.
If successful, the malware establishes a connection with a command and control server and decides whether to deploy the second stage payload. This dynamic payload is injected as an assembly DLL at runtime, giving the attacker complete control over the compromised device.
Potential impact
The impact of this backdoor is severe: it can lead to fraudulent activity such as ad clicks, app installs, and other financially motivated actions carried out without the user’s knowledge or consent. The second-stage payload inherits the powerful accessibility services obtained in the first stage and can take full control of the infected device. This includes the ability to self-update the main APK without requiring user interaction, opening the door to a variety of activities ranging from spyware to banking Trojans.
The report revealed that Xamalicious malware was found in 14 compromised apps, three of which had already accumulated 100,000 installs each before being promptly removed from the Play Store. Although these apps are no longer accessible, users who may have downloaded them inadvertently are strongly advised to immediately remove the applications from their devices.
Notable applications affected by Xamalicious include Essential Horoscope for Android, 3D Skin Editor for PE Minecraft, and Logo Maker Pro, each boasting 100,000 installs. Additionally, Auto Click Replyer, Count Easy Calorie Calculator, Dots: One Line Connector, and Sound Volume Extender, with installations ranging from 10,000 to 5,000, have also been identified as malware carriers.
For users who have these apps installed on their devices, we strongly recommend that they uninstall them promptly to reduce the potential security risks associated with Xamalicious malware. Stay vigilant to protect your Android device from this new threat.
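Because the malware depends on being granted accessibility privileges, a useful follow-up check is to list user-installed apps that currently hold an enabled accessibility service. The script below is an added example, not taken from the McAfee report: it parses the text output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3`, and every package name in the sample data is constructed.

```python
"""Flag user-installed Android apps that hold an enabled accessibility service."""

def parse_enabled_services(raw):
    """Parse the colon-separated 'package/ServiceClass' setting value."""
    raw = raw.strip()
    if not raw or raw == "null":          # 'null' is printed when the setting is unset
        return []
    services = []
    for component in raw.split(":"):
        component = component.strip()
        if "/" not in component:
            continue                       # skip malformed entries
        pkg, cls = component.split("/", 1)
        if cls.startswith("."):            # expand shorthand '.Service' to a full class name
            cls = pkg + cls
        services.append((pkg, cls))
    return services

def parse_third_party(raw):
    """Parse 'package:<name>' lines into a set of user-installed package names."""
    return {line.split(":", 1)[1].strip()
            for line in raw.splitlines() if line.startswith("package:")}

def audit(services_raw, packages_raw, reviewed=frozenset()):
    """Return enabled accessibility services owned by user-installed apps
    that the device owner has not already reviewed and accepted."""
    third_party = parse_third_party(packages_raw)
    return [{"package": pkg, "service": cls}
            for pkg, cls in parse_enabled_services(services_raw)
            if pkg in third_party and pkg not in reviewed]

# Constructed sample output (hypothetical package names, not real indicators).
SAMPLE_SERVICES = ("com.example.screenreader/com.example.screenreader.ReaderService:"
                   "com.example.horoscope/.HelperService")
SAMPLE_PACKAGES = "package:com.example.horoscope\npackage:com.example.notes\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print("review:", finding["package"], "->", finding["service"])
```

Any app flagged here that has no clear need for accessibility access should have the permission revoked or be uninstalled.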