As the year draws to a close, Android users face a significant security threat. The McAfee Mobile Research Team has uncovered a series of Android apps infected with a dangerous malware, named “Xamalicious.” These apps, found in Google Play and various third-party app stores, exploit an open-source framework called Xamarin, used for building Android and iOS apps with .NET and C#. The discovery of these malicious apps raises serious concerns about mobile security and user privacy.
The operation of Xamalicious is particularly alarming. After installation, the malware attempts to gain accessibility privileges through deceptive social engineering tactics. Once these privileges are obtained, it communicates with a command-and-control server. This server then decides whether to download a second-stage payload onto the user’s device. If this payload is installed, the malware gains complete control of the device, potentially performing any activity like a spyware or banking trojan without the user’s knowledge.
These malicious apps can autonomously install other applications and click on ads, generating revenue fraudulently. For instance, the Cash Magnet app engages in such activities while misleading users to believe they are earning points redeemable for retail gift cards. McAfee emphasizes that these apps are primarily driven by financial motives, focusing on ad-fraud.
McAfee’s investigation revealed 25 apps containing this malware, with 13 distributed via Google Play, some as early as 2020. The use of Xamarin allowed these apps to remain active and undetected for long periods, with the APK build process effectively hiding the malicious code. The apps have potentially affected 327,000 devices through Google Play, not including third-party downloads, with the majority of incidents reported in the US, Brazil, and Argentina. Following McAfee’s report, Google has removed these apps from its store.
Users are urged to check their devices and remove the following apps immediately:
- Essential Horoscope for Android (om.anomenforyou.essentialhoroscope) – 100,000 downloads
- 3D Skin Editor for PE Minecraft (com.littleray.skineditorforpeminecraft) – 100,000 downloads
- Logo Maker Pro (com.vyblystudio.dotslinkpuzzles) – 100,000 downloads
- Auto Click Repeater (com.autoclickrepeater.free) – 10,000 downloads
- Count Easy Calorie Calculator (com.lakhinstudio.counteasycaloriecalculator) – 10,000 downloads
- Sound Volume Extender (com.muranogames.easyworkoutsathome) – 5,000 downloads
- LetterLink (com.regaliusgames.llinkgame) – 1,000 downloads
- NUMEROLOGY: PERSONAL HOROSCOPE &NUMBER PREDICTIONS (com.Ushak.NPHOROSCOPENUMBER) – 1,000 downloads
- Step Keeper: Easy Pedometer (com.browgames.stepkeepereasymeter) – 500 downloads
- Track Your Sleep (com.shvetsStudio.trackYourSleep) – 500 downloads
- Sound Volume Booster (com.devapps.soundvolumebooster) – 100 downloads
- Astrological Navigator: Daily Horoscope & Tarot (com.Osinko.HoroscopeTaro) – 100 downloads
- Universal Calculator (com.Potap64.universalcalculator) – 100 downloads
The discovery of these malicious apps serves as a stark reminder of the importance of digital vigilance. Users are advised to regularly review and manage their app installations, ensuring their personal and device security.
