Alert: New dangerous Android malware found in 14 apps, delete them immediately: List of apps here

Alert: New dangerous Android malware found in 14 apps, delete them immediately: List of apps here

A recent discovery by McAfee researchers has revealed a new Android backdoor malware named ‘Xamalicious,’ infecting approximately 338,300 devices through malicious apps on the Google Play Store. The malware was found in 14 affected apps, three of which had amassed 100,000 installs each before being removed from the Google Play Store. While they won’t be visible in the Play Store, those who have accidentally installed them on phones should delete them immediately.

New dangerous Android malware found in 14 apps

The affected apps have been taken down from the app store, and users who installed them since mid-2020 may still have active Xamalicious affections on their devices. Hence, users are advised to manually clean up their devices. People can check if there are unwanted apps or any sort of setting or anything that looks suspicious to you should get removed from your smartphone.

Some of the widely installed Xamalicious-affected Android apps are as follows:

Essential Horoscope for Android (100,000 installs)

-3D Skin Editor for PE Minecraft (100,000 installs)

-Logo Maker Pro (100,000 installs)

-Auto Click Repeater (10,000 installs)

-Count Easy Calorie Calculator (10,000 installs)

-Dots: One Line Connector (10,000 installs)

-Sound Volume Extender (5,000 installs)

In addition to the apps on Google Play, a separate group of 12 malicious apps having the Xamalicious threat is circulating on unauthorized third-party app stores, affecting users through APK file downloads, ANI reported.

Xamalicious, an Android backdoor, is distinctive for being based on the.NET framework and integrated into apps developed using the open-source Xamarin framework. This feature presents a heightened challenge for cybersecurity experts conducting code analysis. Upon installation, Xamalicious seeks access to the Accessibility Service, enabling it to perform privileged operations such as executing navigation gestures, concealing on-screen elements, and obtaining additional permissions.

Following installation, the malware initiates communication with a Command and Control (C2) server to retrieve the second-stage DLL payload (‘cache.bin’). This retrieval is contingent on meeting specific criteria, including geographical location, network conditions, device configuration, and root status.

Android users are strongly advised to check their devices for any signs of Xamalicious infections, even if they have uninstalled the implicated apps. It is better to use a good antivirus software for manual clean-up and regular device scanning is recommended to ensure protection against such malware threats.