The application requests additional permissions
This is what security experts from McAfee reported 14 infected apps were found in the Google Play Store. Some of the apps have been available in the Store since 2020. Each three apps have been installed about 100,000 times.
The malware is capable of executing various commands, such as collecting device and hardware information and transmitting the device's geographic location based on the IP address.
Xamalicious Android backdoor
Xamalicious is a .NET-based Android backdoor embedded in applications developed using the open source Xamarin framework – hence the name. Using the open source Xamarin framework makes code analysis more difficult, which makes it more difficult to detect malware.
Once installed, it requests access to the Accessibility service to perform distinct actions such as navigation gestures, hiding screen elements, and granting itself additional permissions.
According to McAfee, there are links between Xamalicious and an ad fraud app called “Cash Magnet” that automatically clicks on ads and installs adware on the victim’s device to generate revenue for its operators. Therefore, by running Xamalicious in the background, it may affect processor performance and network bandwidth.
Internet graphic security: Germans fear misuse of data
Most popular Xamalicious apps:
- Basic Horoscopes for Android – 100,000 installs
- 3D Skin Editor for PE Minecraft – 100,000 installs
- Logo Maker Pro – 100,000 installs
- Auto click repeater – 10,000 installs
- Easy Calorie Calculator – 10,000 Installs
- Points: 1 line connector – 10,000 installs
- Volume Extender – 5000 installs
Other malicious apps containing Xamalicious are still available through several third-party vendors and thus continue to infect users via downloadable APK files.
Xamalicious infection is also present in Germany
According to McAfee's telemetry data, most infections were detected on devices in the United States and Germany, as well as Spain, the United Kingdom, Australia, Brazil, Mexico, and Argentina. Although the apps have now been removed from Google Play, users can still have active Xamalicious infections on their phones. In order to find malware, manual scans and cleanups must now be performed, McAfee warns.
- The “Xamalicious” virus has infected more than 300,000 Android smartphones
- Google Play Store vulnerabilities discovered by McAfee
- 14 apps containing malware in the Store since 2020, some of which have been installed 100,000 times
- The malware collects device information and transmits location
- Gives itself access to the accessibility service
- Relationship to the fraudulent advertising application “Cash Magnet”
- Infected apps are still available through third parties
- Devices in the USA and Germany are mainly affected
“Prone to fits of apathy. Zombie ninja. Entrepreneur. Organizer. Evil travel aficionado. Coffee practitioner. Beer lover.”