Malicious Apps on Google Play Infect 330K Devices with New Android Malware

McAfee, a computer security software company, identified 14 infected apps on Google Play, three of which had amassed 100,000 installs each, as per reports from Bleeping Computer.

Researchers recently uncovered an Android backdoor named 'Xamalicious' that has affected approximately 338,300 devices through malicious apps found on Google Play.

While Google has removed these apps from its platform, users who installed them since mid-2020 might still have active Xamalicious infections on their phones, requiring manual cleanup and thorough scanning.

Some of the notably popular apps known to carry Xamalicious include Essential Horoscope for Android, 3D Skin Editor for PE Minecraft, Logo Maker Pro, Auto Click Repeater, Count Easy Calorie Calculator, Dots: One Line Connector, and Sound Volume Extender.

Additionally, a separate set of 12 malicious apps housing the Xamalicious threat spread via unapproved third-party app stores, infecting users upon downloading APK (Android package) files, according to the report.

McAfee's telemetry data shows that the bulk of infections were found on devices located in the United States, Germany, Spain, the UK, Australia, Brazil, Mexico, and Argentina.

Xamalicious is a .NET-based Android backdoor, concealed within apps built with the open-source Xamarin framework, whose compiled .NET assemblies make the code harder to analyse than ordinary Java or Kotlin Android code.

Upon installation, it asks the user to grant it Accessibility Service access, which gives it elevated privileges: it can perform navigation gestures on the user's behalf, hide on-screen elements, and grant itself further permissions.
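Because the backdoor depends on an Accessibility Service grant, one practical check during the manual cleanup the article recommends is to list which accessibility services are enabled on a device and flag any that are not on a known-good allowlist. The script below is an added example, not from the article or from McAfee; it reads the value Android exposes through `settings get secure enabled_accessibility_services` (a colon-separated list of `package/service` entries). The sample value and the allowlist are constructed for illustration, and `com.example.horoscope` is a hypothetical package name, not one of the apps named in the report.

```shell
#!/bin/sh
# Constructed sample of what `adb shell settings get secure enabled_accessibility_services`
# returns: a colon-separated list of <package>/<service class> entries.
SAMPLE_SERVICES='com.android.talkback/.TalkBackService:com.example.horoscope/.AccessService'

# Allowlist of accessibility services you expect on the device (assumed; tune per fleet).
ALLOWED_SERVICES='com.android.talkback/.TalkBackService com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService'

# Print every enabled accessibility service that is not on the allowlist, one per line.
# $1: raw settings value, $2: space-separated allowlist.
list_unexpected_services() {
  input="$1"
  allow="$2"
  printf '%s\n' "$input" | tr ':' '\n' | while IFS= read -r svc; do
    [ -z "$svc" ] && continue
    found=0
    for a in $allow; do
      [ "$a" = "$svc" ] && found=1
    done
    [ "$found" -eq 0 ] && printf '%s\n' "$svc"
  done
}

# Return 0 when nothing unexpected is enabled, 1 otherwise (handy as an exit status).
accessibility_services_clean() {
  [ -z "$(list_unexpected_services "$1" "$2")" ]
}

# Offline demonstration on the constructed sample; on a real device replace SAMPLE_SERVICES with:
#   "$(adb shell settings get secure enabled_accessibility_services)"
list_unexpected_services "$SAMPLE_SERVICES" "$ALLOWED_SERVICES"
```

Any package the script prints is worth inspecting: confirm where it was installed from, check it against the list of apps named in the report, and uninstall it if it has no legitimate reason to drive the screen. Revoking the Accessibility Service grant alone is not enough, since the app can re-request it.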

Once running, Xamalicious contacts a command and control (C2) server and, only if the device meets criteria based on geography, network, device configuration, and root status, retrieves a second-stage DLL payload ('cache.bin'). Because the payload is served selectively, analysts and scanners that do not match those criteria never see it, which makes detection and eradication harder.

(With Agency Inputs)
