Once again, corrupted Android applications have been spotted on the Google Play Store. Infected by the Xamalicious malware, they are intended to take control of their victims’ smartphones. Remove them quickly if you have them installed!


Once again, numerous corrupted applications have been discovered in the Play Store, Google’s app store for Android – you can’t change good old habits! Despite the security tools and measures that Google deploys, hackers are constantly developing new strategies aimed at circumventing them. This time, McAfee security researchers have identified a new threat for Android users: the Xamalicious malware, which hides in several dozen applications. It mainly affects American, Brazilian and Argentinian users, but is also prevalent in Europe, and more particularly in the United Kingdom, Spain and Germany.


Xamalicious: 13 dangerous apps to uninstall urgently

Xamalicious is designed to take control of a smartphone. To do this, the malware relies on social engineering techniques, with the aim of obtaining access permissions on the victim’s device that give it access to functions normally reserved for the operating system. The app claims to need full access in order to function and gives the victim instructions for enabling accessibility services. The infected device can then communicate with a command and control server, resulting in the download of a second payload. This payload takes full control of the device and carries out malicious actions, such as clicking on advertisements, installing applications, collecting personal and banking data, etc. All, of course, without the consent of the owner of the device.

The virus collects several pieces of data from the device, including the list of installed applications obtained through system commands, to determine whether the infected victim is a good target for the second-stage payload. The malware can collect location, carrier, and network information, as well as device rooting status and ADB connectivity configuration. To avoid detection by Google, the cybercriminals use obfuscation techniques that scramble the application code to make it less readable, and therefore harder to analyze. They also use custom encryption to communicate with the remote server. Finally, they rely on Xamarin, a mobile application development platform using the C# programming language and the .NET framework, to code the virus.


The virus was hidden in the code of 13 Android applications available on the Play Store. Some have more than 100,000 downloads. Here is the list of infected apps:

  • Essential Horoscope for Android
  • 3D Skin Editor for PE Minecraft
  • Logo Maker Pro
  • Auto Click Repeater
  • Count Easy Calorie Calculator
  • Sound Volume Extender
  • LetterLink
  • NUMEROLOGY: PERSONAL HOROSCOPE & NUMBER PREDICTIONS
  • Step Keeper: Easy Pedometer
  • Track Your Sleep
  • Sound Volume Booster
  • Astrological Navigator: Daily Horoscope & Tarot
  • Universal Calculator

Although Google quickly removed some of these apps from the Play Store, most of them are still available on third-party Android app stores. Note that researchers also detected Xamalicious in the code of twelve other applications, not distributed through the Play Store. In total, no fewer than 327,000 devices were affected. Additionally, the campaign is still ongoing. Caution is therefore required…

If you have ever installed one of them on your smartphone, uninstall it as soon as possible. To be safe, it is best for you to change your passwords and monitor your bank account transactions. Keep in mind that just because you download an app from an official store doesn’t mean you’re safe. This is why it is strongly recommended to only install applications that you really need and delete those that you no longer use. Before downloading, check the little details that might tip you off – number of downloads, reviews, developer name, permission requests… In any case, use an antivirus in the background to carefully check that malicious behavior is not secretly at work.
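Because the malware described above depends on the victim enabling an accessibility service, one practical check is to list which installed packages currently hold one. The following is an added example, not code from McAfee or from the original article: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`, and reports services held by packages outside an allowlist. The allowlist and the sample package names are assumptions constructed for illustration.

```python
import re

# Example allowlist (assumption): packages you expect to hold an accessibility service.
TRUSTED = {"com.google.android.marvin.talkback"}
PLAY_STORE = "com.android.vending"

def parse_enabled_services(value):
    """Parse `adb shell settings get secure enabled_accessibility_services`."""
    value = value.strip()
    if value == "null":                   # setting unset: no service enabled
        return []
    services = []
    for comp in filter(None, value.split(":")):
        pkg, _, cls = comp.partition("/")
        if cls.startswith("."):           # short form: .Svc means pkg.Svc
            cls = pkg + cls
        services.append((pkg, cls))
    return services

def parse_installers(pm_output):
    """Parse `adb shell pm list packages -i` into {package: installer or None}."""
    pattern = r"^package:(\S+)\s+installer=(\S+)"
    return {m.group(1): (None if m.group(2) == "null" else m.group(2))
            for m in re.finditer(pattern, pm_output, re.M)}

def audit(services_value, pm_output, trusted=TRUSTED):
    """Return accessibility services held by packages outside the allowlist."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg, cls in parse_enabled_services(services_value):
        if pkg in trusted:
            continue
        installer = installers.get(pkg)
        findings.append({"package": pkg, "service": cls, "installer": installer,
                         "sideloaded": installer != PLAY_STORE})
    # Ordering only: a Play Store install is still reported, since the store is no guarantee.
    return sorted(findings, key=lambda f: (not f["sideloaded"], f["package"]))

# Constructed sample output (hypothetical package names, not from the McAfee report).
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.horoscope/com.example.horoscope.HelperService:"
                   "com.example.volumeboost/.BoostService")
SAMPLE_PM = ("package:com.google.android.marvin.talkback  installer=com.android.vending\n"
             "package:com.example.horoscope  installer=com.android.vending\n"
             "package:com.example.volumeboost  installer=null\n")

if __name__ == "__main__":
    print(*audit(SAMPLE_SERVICES, SAMPLE_PM), sep="\n")
```

Any package in the result that you do not recognise as an assistive tool is a candidate for removal, whichever store it came from.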
