Heads up, Android users! Double-check your devices for possible Xamalicious infection, as the malware has flooded the Google Play Store with malicious apps. While Google removed the malicious apps from the Play Store upon knowing the matter, the malware may continue to run on infected devices unless removed manually.
Xamalicious Malware Infected Android Devices Via Play Store
McAfee Mobile Research Team researchers have reported detecting multiple malicious apps on the Google Play Store that are involved in spreading new malware. Identified as “Xamalicious,” the new malware flooded the Play Store with at least 25 different applications to target Android devices.
In brief, the researchers found this malware implemented as a backdoor with the Xamarin framework that supports Android and iOS app development with .NET and C#. Upon reaching the target device, the malware exploits the accessibility privileges to communicate with its C&C server and download the second-stage payload.
This second payload that injects as an assembly DLL at runtime level takes control of the device. It then acts as a trojan and spyware, performing various malicious actions without requiring user interaction.
Besides, the researchers also found an app, “CashMagnet,” associated with this malware, performing ad frauds on target devices.
The apps spreading Xamalicious have existed on the Google Play Store since mid-2020, garnering a huge user base. The researchers estimated around 327,000 devices to have suffered Xamalicious infections. The malware managed to stay undetected all along by exploiting the Xamarin framework alongside leveraging obfuscation techniques.
Google Removed The Malware From The Play Store
Upon discovering the malware campaign, the researchers promptly reported the matter to Google, which then removed all suspected apps from the Play Store.
Nonetheless, while the threat may no longer spread from the Play Store, the malware may continue its activities on infected devices. Hence, users must keep an eye on Google Play Protect warnings highlighting the malicious app if found running on the device. Moreover, users should remain careful when downloading apps, even from the Play Store, opting only for apps from trusted developers.
Let us know your thoughts in the comments.
