McAfee’s mobile research team discovered 25 apps infected with the Xamalicious malware, with some of them being distributed on the Google Play store.
According to BGR, Google has removed these apps from Google Play but they may still be on users’ phones, so experts warn users to remove them as soon as possible and keep an eye on their accounts.
The list of infected applications that have been removed from Google Play includes:
- Essential Horoscope for Android (100,000 downloads).
- 3D Skin Editor for PE Minecraft (100,000 downloads).
- Auto Click Repeater (10,000 downloads).
- Logo Maker Pro (100,000 downloads).
- Count Easy Calorie Calculator (10,000 downloads).
- Sound Volume Extender (5,000 downloads).
- LetterLink (1,000 downloads).
- N UMEROLOGY: P ERSONAL H HOROSCOPE & N UMBER P REDICTIONS (1,000 downloads).
- Step Keeper: Easy Pedometer (500 downloads).
- Track Your Sleep (500 downloads).
- Sound Volume Booster (100 downloads).
- Astrological Navigator: Daily Horoscope & Tarot (100 downloads).
- Universal Calculator (100 downloads)
McAfee Xamalicious is an Android backdoor built on the Xamarin open-source mobile application platform, said. Xamalocious-infected apps use social engineering tactics to gain access privileges. At that point, the device begins communicating with the command and control (C&C) server without the device owner’s knowledge.
That server then downloads the second payload to the phone. This payload can “take full control of the device and is capable of performing fraudulent actions such as clicking ads, installing apps, and other financially motivated actions without the user’s consent.”
Also according to McAfee, the use of the Xamarin framework allows malware authors to remain active undetected for long periods, taking advantage of the process of building APK files that act as a packer to hide code. poison. Additionally, malware authors also deploy various obfuscation techniques and custom encryption to exfiltrate data and communicate with C&C servers.
Again, these apps are no longer available for download on Google Play. That’s good news, but Google can’t remotely delete them from users’ phones if they’ve downloaded them.
