Android Malware Detected: Researchers Idenfity Android Backdoor Called ‘Xamalicious’ That Infected Approximately 338,300 Android Devices

Computer security software company McAfee discovered 14 infected apps on Google Play, with three having 100,000 installs each, reports Bleeping Computer. The majority of infections were installed on devices in the United States, Germany, Spain, the UK, Australia, Brazil, Mexico, and Argentina, according to McAfee telemetry data.

Malware Attack representation Image (Photo Credits: Wikimedia Commons)

New Delhi, December 28: Researchers have identified an Android backdoor named 'Xamalicious', which has infected approximately 338,300 devices via malicious apps on Google Play. Computer security software company McAfee discovered 14 infected apps on Google Play, with three having 100,000 installs each, reports Bleeping Computer. Although the apps have been removed from Google Play, users who installed them since mid-2020 may still have active Xamalicious infections on their phones, which require manual cleanup and scanning.

The most popular of the Xamalicious apps inlcude -- Essential Horoscope for Android (100,000 installs), 3D Skin Editor for PE Minecraft (100,000 installs), Logo Maker Pro (100,000 installs), Auto Click Repeater (10,000 installs), Count Easy Calorie Calculator (10,000 installs), Dots: One Line Connector (10,000 installs), and Sound Volume Extender (5,000 installs). Japan Aerospace Exploration Agency's SLIM Lander Releases First Pictures of Moon From Lunar Orbit (See Pics).

In addition, a distinct group of 12 malicious apps carrying the Xamalicious threat is disseminated on unapproved third-party app stores, infecting users via downloading APK (Android package) files, the report mentioned. The majority of infections were installed on devices in the United States, Germany, Spain, the UK, Australia, Brazil, Mexico, and Argentina, according to McAfee telemetry data.

Xamalicious is a.NET-based Android backdoor that is placed (as 'Core.dll' and 'GoogleService.dll') within apps built with the open-source Xamarin framework, making code analysis more difficult. It asks Accessibility Service access upon installation, allowing it to perform privileged operations such as navigation gestures, hide on-screen objects, and grant itself further permissions. Apple 'State-Sponsored Attacks': Indian Government Summons Apple's Security Expert for Meeting, Demand Explanation for Warning.

Following installation, it contacts with the C2 (command and control) server to retrieve the second-stage DLL payload ('cache.bin') if certain geographical, network, device configuration, and root status requirements are met.

(The above story first appeared on LatestLY on Dec 28, 2023 03:28 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).

Share Now

Share Now