Urgent Alert: ‘Xamalicious’ Virus Attacks 338,000 Phones – Check the List of Infected Apps Now

Urgent Alert:’Xamalicious’ Virus Attacks 338,000 Phones – Check the List of Infected Apps Now

In a recent discovery, cybersecurity researchers at McAfee have identified a concerning Android backdoor malware named ‘Xamalicious.’ This malicious software has infiltrated approximately 338,300 devices, primarily through infected apps on the Google Play Store.

The malware was traced back to 14 affected apps, three of which had already garnered 100,000 installs each before being removed from the Google Play Store.

While these apps may no longer be visible in the store, individuals who inadvertently downloaded them are urged to promptly delete them from their smartphones.

The impacted apps have been taken down, but users who installed them since mid-2020 may still have active Xamalicious infections on their devices. Consequently, users are advised to manually inspect their devices, checking for any unwanted apps or suspicious settings that may indicate a potential threat.

Some of the widely installed Xamalicious-affected Android apps include:

– Essential Horoscope for Android (100,000 installs)
– 3D Skin Editor for PE Minecraft (100,000 installs)
– Logo Maker Pro (100,000 installs)
– Auto Click Repeater (10,000 installs)
– Count Easy Calorie Calculator (10,000 installs)
– Dots: One Line Connector (10,000 installs)
– Sound Volume Extender (5,000 installs)

In addition to the Google Play Store, another group of 12 malicious apps carrying the Xamalicious threat is circulating on unauthorized third-party app stores, posing a risk to users who download APK files, as reported by ANI.

Notably, Xamalicious stands out for being an Android backdoor based on the.NET framework and integrated into apps developed with the open-source Xamarin framework.

This unique characteristic poses challenges for cybersecurity experts engaged in code analysis. Upon installation, Xamalicious seeks access to the Accessibility Service, allowing it to execute navigation gestures, conceal on-screen elements, and acquire additional permissions.

After installation, the malware establishes communication with a Command and Control (C2) server to fetch the second-stage DLL payload (‘cache.bin’). This retrieval is contingent on meeting specific criteria, including geographical location, network conditions, device configuration, and root status.

Android users are strongly advised to conduct thorough checks for signs of Xamalicious infections, even if they have uninstalled the implicated apps.

Utilizing reputable antivirus software for manual clean-up and regular device scanning is recommended to enhance protection against such emerging malware threats.