McAfee Raises The Alarm After Android Malware ‘Xamalicious’ On Play Store Infects Hundreds Of Thousands Of Devices

McAfee is raising the alarm against the Android malware dubbed Xamalicious that wreaked havoc at the Google Play Store.

The Android backdoor managed to infect a whopping 338,000 devices through a series of malicious platforms found on the Play Store.

McAfee who happens to be a member of the country’s App Defense Alliance discovered close to 14 different platforms that became infected. They each had a staggering 100,000 installations.

While the platforms are said to be eradicated completely from the Google Play Store, those who did download them during the middle part of 2020 could continue to have active versions of the infection across their devices. This would need cleanup and some manual scans.

Some of the leading apps that increased in popularity included Logo Maker Pro. Sound Volume Extender, Essential Horrorscope, 3D Skin Editor, and Count Easy Calorie Counter, amongst others.

Meanwhile, another list was rolled out that featured 12 of the malicious platforms that keep on serving as threats. But those stats are yet to be unveiled in the public eye. On most occasions, it’s distributed by unofficial app stores owned by third parties. This would infect users through APK files that can be installed.

As per data from McAfee, so many of these infections were downloaded across devices across places like Germany, US, Spain, Australia, Mexico, and Argentina.

The Android backdoor gets embedded through apps created using a framework dubbed Xamarin. This makes the entire analysis for codes super challenging. After getting installed, it wants requests for access to the Accessibility Service that enables it to carry out several privileged actions such as hiding the screen, granting permission, and even carrying out navigation with ease.

After being downloaded, they communicate through C2 servers to retrieve the second part of the DLL payloads if the prerequisites end up being met. But seeing the number of commands that it can generate, one must wonder what else it is capable of.

Just for a brief understanding purpose, it gathered information linked to the device’s hardware like Android ID, the CPU, model, and the OS version.

Secondly, it attained the exact geographical location through an IP address and even got a fraud score to evaluate non-genuine users. After that, we saw it list down adProperties to determine if clients were working from real devices or not. And lastly, it even paved to the way to figuring out the rooting status of the device, if any were involved.

The leading security company also reportedly highlighted a great number of links between the malware and another ad-themed malicious platform dubbed Cash Magnet. The latter is the name given to an app that clicks on ads through automated means and downloads adware through the victim’s software to produce more revenue for operators.
It is therefore very possible that the malware carried out ad fraud on several compromised devices and further went on reducing the performance of its processor as well as the bandwidth of the network.

While we agree that Google Play is not immune to the activity of malware uploads, such initiatives including App Defense Alliance tend to detect and get rid of novel threats popping up through the App Store online. The latter is not the case when we have poorly regulated apps in question.

So how to avoid interacting with such ordeals in the first place? Users having Android devices should restrict themselves to the likes of essential apps and when downloading, they should carefully read out reviews beforehand while conducting detailed background checks of the platform’s source of origin.

Photo: Digital Information World - AIgen

Read next: Google Agrees To Settlement After Being Accused Of Wrongly Collecting User Data Through Chrome’s Incognito Mode
Previous Post Next Post