Android Apps You Should Delete Immediately
As we approach the end of the year, a concerning development in the digital world has emerged, affecting millions of Android users worldwide. A cluster of Android apps has been identified as malicious, loaded with a backdoor malware known as ‘Xamalicious,’ which has potentially compromised hundreds of thousands of devices.
What is ‘Xamalicious’?
‘Xamalicious’ is a term coined by McAfee’s Mobile Research Team to describe a specific type of malware that has been found in a variety of Android apps. These apps, once installed, attempt to gain accessibility privileges through social engineering. The malware is “implemented with Xamarin, an open-source framework that allows building Android and iOS apps with .NET and C#.” Once it gains the required privileges, it communicates with a command-and-control server to determine whether to download a more aggressive payload. If this second stage is initiated, the malware can take complete control of the device, potentially acting like spyware or a banking trojan, operating without the user’s interaction.
The Scale of the Threat
McAfee has identified 25 apps that contain the Xamalicious malware, 13 of which were distributed through the Google Play Store. Some of these apps have been downloaded as far back as 2020 and have potentially compromised an estimated 327,000 devices just from Google Play, not accounting for third-party downloads. The threat is not localized, with most Xamalicious activity detected in the US, Brazil, Argentina, the UK, Spain, and Germany.
The List of Malicious Apps
The following are some of the apps identified as carriers of the Xamalicious malware, as reported by sources like PCMAG, Forbes, HT Tech, and India Today:
- 3D Skin Editor for PE Minecraft | 100,000 downloads
- Logo Maker Pro | 100,000 downloads
- Auto Click Repeater | 10,000 downloads
- Count Easy Calorie Calculator | 10,000 downloads
- Sound Volume Extender | 5,000 downloads
- LetterLink | 1,000 downloads
- Numerology: Personal Horoscope and Number Predictions | 1,000 downloads
- Step Keeper: Easy Pedometer | 500 downloads
- Track Your Sleep | 500 downloads
- Sound Volume Booster | 100 downloads
- Astrological Navigator: Daily Horoscope & Tarot | 100 downloads
- Universal Calculator | 100 downloads
In addition to these apps found on Google Play, a separate group of 12 malicious apps with the Xamalicious threat circulates on unauthorized third-party app stores.
How ‘Xamalicious’ Operates
Xamalicious is particularly challenging for cybersecurity experts due to its use of the .NET framework and its integration into apps developed using the open-source Xamarin framework. Upon installation, it seeks access to the Accessibility Service, enabling it to perform privileged operations like executing navigation gestures and obtaining additional permissions. After establishing communication with a command-and-control server, it decides whether to download and install additional malicious code based on specific criteria, including geographical location, network conditions, device configuration, and root status.
What Should You Do?
If you have any of the listed apps or suspect that you might have installed a malicious app, here are the recommended steps:
- Delete the App Immediately: If you find any of the listed apps on your device, uninstall them without delay.
- Check Device for Unusual Activity: Look for any suspicious behavior on your device, such as unfamiliar apps, unexpected permissions, or unusual battery drain.
- Use Antivirus Software: Regularly scan your device with reliable antivirus software.
- Stay Informed: Keep up-to-date with the latest security news and updates from trusted sources.
- Manual Clean-up: Regularly check your device for any signs of Xamalicious infections and perform a manual clean-up if necessary.
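Because Xamalicious depends on being granted the Accessibility Service, one concrete way to carry out the "unexpected permissions" check is to list which user-installed apps currently have an accessibility service enabled. The script below is an added example, not part of the original article or McAfee's tooling; it parses the output of two standard adb commands, and the package names and sample output in it are constructed for illustration.

```python
import re

# Constructed sample output of: adb shell pm list packages -3 -i
SAMPLE_PACKAGES = """\
package:com.example.volumeboost  installer=com.android.vending
package:com.example.sideloadedgame  installer=null
package:com.example.notes  installer=com.android.vending
"""

# Constructed sample output of:
#   adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = ("com.example.volumeboost/.BoostService:"
               "com.example.preinstalled.reader/.ReaderService:"
               "com.example.sideloadedgame/com.example.sideloadedgame.Helper")

PLAY_STORE = "com.android.vending"

def parse_packages(text):
    """Map user-installed package -> installer (None if unknown or sideloaded)."""
    result = {}
    for line in text.splitlines():
        m = re.match(r"package:(\S+)(?:\s+installer=(\S+))?", line.strip())
        if m:
            installer = m.group(2)
            result[m.group(1)] = None if installer in (None, "null") else installer
    return result

def parse_accessibility(value):
    """Return the package names that own an enabled accessibility service."""
    value = value.strip()
    if not value or value == "null":  # the setting reads "null" when nothing is enabled
        return set()
    # Entries are colon-separated "package/ServiceClass" component names.
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def audit(packages_text, a11y_value):
    """List user-installed apps that hold an enabled accessibility service."""
    installed = parse_packages(packages_text)
    findings = []
    for pkg in sorted(parse_accessibility(a11y_value)):
        if pkg in installed:  # preinstalled services do not appear in the -3 list
            source = "Play Store" if installed[pkg] == PLAY_STORE else "outside Play Store"
            findings.append((pkg, source))
    return findings

if __name__ == "__main__":
    for pkg, source in audit(SAMPLE_PACKAGES, SAMPLE_A11Y):
        print(f"review: {pkg} has an accessibility service enabled ({source})")
```

The install source is shown only as context: 13 of the apps named above were distributed through Google Play, so any app on this list that has no clear need for accessibility access deserves a closer look regardless of where it came from.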
Summing Up
The discovery of the Xamalicious malware serves as a stark reminder of the ever-present threats in the digital world. Users must remain vigilant, regularly update their devices, and stay informed about potential risks. It’s crucial to act immediately by deleting the identified malicious apps and taking steps to secure your devices.