In the city of New Delhi, researchers have discovered a concerning Android backdoor called ‘Xamalicious’. This backdoor has managed to infect a significant number of devices, around 338,300, through malicious apps found on Google Play.
According to Bleeping Computer, McAfee, a company specializing in computer security software, recently uncovered a total of 14 infected apps on Google Play. Surprisingly, three of these apps had managed to accumulate an impressive 100,000 installs each.
Even though the apps have been taken down from Google Play, users who downloaded them since mid-2020 might still have Xamalicious infections on their phones. These infections need to be manually cleaned up and scanned.
Some of the most well-liked apps from Xamalicious are Essential Horoscope for Android with 100,000 installs, 3D Skin Editor for PE Minecraft with 100,000 installs, Logo Maker Pro with 100,000 installs, Auto Click Repeater with 10,000 installs, Count Easy Calorie Calculator with 10,000 installs, Dots: One Line Connector with 10,000 installs, and Sound Volume Extender with 5,000 installs.
Furthermore, a specific set of 12 harmful applications containing the Xamalicious threat are being spread through unauthorized third-party app stores. These apps infect users by downloading APK (Android package) files, as stated in the report.
Based on McAfee telemetry data, a significant number of infections were found on devices located in the United States, Germany, Spain, the UK, Australia, Brazil, Mexico, and Argentina.
Xamalicious is a backdoor that targets Android devices. It is designed to be hidden within apps built using the Xamarin framework, making it harder to detect through code analysis.
Upon installation, the app requests Accessibility Service access, which enables it to carry out privileged operations like navigation gestures, hiding on-screen objects, and granting additional permissions.
After being installed, it establishes a connection with the C2 server to obtain the second-stage DLL payload (‘cache.bin’) if specific criteria related to geography, network, device configuration, and root status are satisfied.