Researchers have discovered an Android backdoor named Xamalicious, specifically targeting Android devices. According to computer security software company McAfee, this dangerous malware has approximately compromised at least 327,000 devices through malicious apps on the Google Play Store.
The McAfee researchers discovered 14 infected apps on the Google Play Store. It is important to note that three apps have 100,000 installs each. However, this data does not include the installations coming from third-party markets. The affected apps have been taken down from the Android store. However, users who have installed these apps since mid-2020 may still have active malware on their devices. Therefore, these users are advised to manually clean up their phones. Some of the Xamalicious-affected Android apps include Essential Horoscope for Android, 3D Skin Editor for PE Minecraft, Count Easy Calorie Calculator, Logo Maker Pro, and Sound Volume Extender.
In the report, McAfee said that Xamalicious trojans are apps to health, games, and horoscope. The report also mentioned that most of these apps are still available for download on third-party marketplaces. Researchers found that the malware incorporates an Android backdoor using Xamarin, an open-source framework. The malware tries to gain accessibility privileges through social engineering, and once this process is done, it communicates with a command-and-control server to evaluate if a second-stage payload should be downloaded. Notably, the second-stage payload can take full control of the infected device. McAfee also pointed out that the usage of the Xamarin framework permitted malware authors to stay active and without detection for a long period of time.
According to McAfee telemetry data, more affected users are on the American continent, with the most activity in the United States, Argentina, and Brazil. McAfee also warns the users that they should be careful when a new app tries to convince them to activate accessibility services without a real and reasonable reason.