Identify and Delete 'Xamalicious' app from device for Your Safety

Identify and Delete 'Xamalicious' app from device for Your Safety (Image: unsplash.com)

Delhi: 'Xamalicious', a newly identified Android backdoor, has been found by McAfee to have infected around 338,300 devices through malicious Google Play apps. Three of the 14 malicious apps that McAfee found on Google Play had amassed 100,000 installations apiece.

What is "Xamalicious"?

Xamalicious is a .NET-based Android backdoor concealed inside applications built with the open-source Xamarin framework, which makes the code harder to analyse. After installation, it requests Accessibility Service access, which lets it carry out privileged actions such as hiding on-screen elements and performing navigation gestures on the user's behalf.

Well-known Infected Applications

Among these compromised apps, the most widely installed are:

  • Essential Android Horoscope
  • PE Minecraft's 3D Skin Editor
  • Maker of Logos Pro
  • Repeater with Auto Click
  • Simple Calorie Counting Calculator
  • One Line Connector: Dots
  • Sound Level Increaser

APKs from Third-Party Stores Are a Major Issue

Twelve malicious apps carrying the Xamalicious threat are distributed through unofficial third-party app stores in addition to Google Play. Users become infected when they download and install APK (Android package) files from these sources.

How C2 Server Communication Plays a Role

Once installed, Xamalicious contacts a command-and-control (C2) server to fetch a second-stage DLL payload ('cache.bin'), but only if certain conditions regarding device configuration, geography, network, and root status are met.

User Impact

Users who installed these apps after mid-2020 may still have active infections even though Google Play has since removed the apps, so a manual scan and cleanup of the device is necessary.
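Because the backdoor relies on Accessibility Service access (described above) and the cleanup has to be done by hand, a useful first check is to see which packages on the device currently hold that permission. The script below is an added example for defenders, not part of the original article: it parses the raw value of Android's secure setting enabled_accessibility_services (format: package/service entries separated by colons, or the literal "null" when nothing is enabled) and lists the package names so they can be compared against the known-malicious app list. The sample setting value and the package names in it are constructed for offline use; on a real device the value comes from adb as shown in the comments.

```shell
#!/bin/sh
# Added defender-side helper (not from the article): list the packages that
# hold Accessibility Service access, parsed from the raw value of the secure
# setting "enabled_accessibility_services".
#
# On a real device the raw value is obtained with:
#   adb shell settings get secure enabled_accessibility_services
# The entries look like: pkg/service:pkg2/service2  (or "null" when empty)

# Constructed sample value: one legitimate screen reader plus a hypothetical
# suspicious package name that stands in for an unwanted app.
SAMPLE_SETTING='com.android.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.constructed.horoscope/.AccessibilitySvc'

# Print one package name per line from a raw setting value ($1).
accessibility_packages() {
  printf '%s' "$1" \
    | tr ':' '\n' \
    | sed '/^null$/d; /^$/d' \
    | cut -d/ -f1 \
    | sort -u
}

# Succeed (exit 0) if package $2 is among the services enabled in raw value $1.
has_accessibility_access() {
  accessibility_packages "$1" | grep -qxF "$2"
}

# Usage on a device (commands shown for reference; not run here):
#   raw=$(adb shell settings get secure enabled_accessibility_services)
#   accessibility_packages "$raw"
#   adb shell pm list packages                       # full package inventory
#   adb shell pm uninstall --user 0 <package.name>   # remove an unwanted app
```

Any package in the output that is not a screen reader, automation tool or other app you deliberately granted Accessibility access to deserves a closer look, and the package inventory from pm list packages can be matched against the app names reported by McAfee.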

Affected Countries

According to McAfee's telemetry, the infections are widespread, with the bulk found on devices in the US, Germany, Spain, the UK, Australia, Brazil, Mexico, and Argentina. The finding underlines how important it is to be cautious when installing apps, even from official app stores, and to scan your device regularly for security threats.