The McAfee Mobile Research Team has identified apps on Google Play and other third-party stores containing a malware strain named Xamalicious. This malware leverages Xamarin, an open-source tool for creating Android and iOS apps using .NET and C#.
Once installed, a malicious app tries to trick the user into granting it accessibility privileges. It then contacts a command-and-control server to determine whether a second-stage malicious component should be downloaded. If that second-stage payload is delivered and runs successfully, it can take complete control of the device, enabling activities such as espionage or unauthorized banking actions, McAfee notes.
Additionally, these apps might carry out actions without your knowledge, such as installing other apps or initiating ad clicks. For instance, the Cash Magnet app engages in ad clicks and app installations to deceitfully generate income. Users are often misled into believing they’re earning redeemable points for retail gift cards.
McAfee highlights that the primary motivation behind these threats seems to be financial gain, particularly through ad fraud. They identified 25 affected apps, with 13 distributed via Google Play, some dating back to 2020. The utilization of Xamarin has enabled these malicious actors to remain undetected for extended periods, using the APK build process as a disguise for their harmful code.
The malware creators also employed various techniques like obfuscation and custom encryption to secure their communications and data transfers, McAfee explains.
McAfee’s data indicates that potentially 327,000 devices were compromised through Google Play alone, not counting downloads from third-party stores. Xamalicious infections were observed predominantly in the US, Brazil, and Argentina, with some cases in the UK, Spain, and Germany.
Upon McAfee’s notification, Google took down these apps from its Play Store. However, if you previously downloaded any, it’s essential to delete them immediately. Below is a list of the identified apps, their package names, and their respective download counts from Google Play:
- Essential Horoscope for Android (om.anomenforyou.essentialhoroscope) – 100,000 downloads
- 3D Skin Editor for PE Minecraft (com.littleray.skineditorforpeminecraft) – 100,000 downloads
- Logo Maker Pro (com.vyblystudio.dotslinkpuzzles) – 100,000 downloads
- … [and so on for the other apps]
Stay vigilant and ensure you regularly check for potentially harmful apps on your devices.
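One way to check a device for the listed packages from a workstation, and to see whether any of them holds an enabled accessibility service, is sketched below. This is an added example, not code from McAfee or the original article; it assumes adb access to the device, and the function names and sample device output are constructed for illustration.

```shell
#!/bin/sh
# Package names exactly as printed in the article's list, which is truncated:
# add the remaining names from McAfee's report before relying on this.
FLAGGED='om.anomenforyou.essentialhoroscope
com.littleray.skineditorforpeminecraft
com.vyblystudio.dotslinkpuzzles'

# Reads `pm list packages` output on stdin; prints the flagged packages that
# are installed. -x forces whole-line matches so look-alike names are ignored.
installed_flagged() {
    tr -d '\r' | sed -n 's/^package://p' | grep -Fx -e "$FLAGGED" || true
}

# Reads the enabled_accessibility_services setting on stdin (colon-separated
# package/class entries, or "null") and prints one package name per line.
a11y_packages() {
    tr -d '\r' | tr ':' '\n' | sed -n 's|^\([^/]*\)/.*|\1|p' | sort -u
}

# triage PM_OUTPUT A11Y_OUTPUT: one line per flagged package found, marked
# ACCESSIBILITY when it also has an enabled accessibility service.
triage() {
    a11y=$(printf '%s\n' "$2" | a11y_packages)
    printf '%s\n' "$1" | installed_flagged | while IFS= read -r pkg; do
        if printf '%s\n' "$a11y" | grep -Fxq -e "$pkg"; then
            echo "$pkg ACCESSIBILITY"
        else
            echo "$pkg installed"
        fi
    done
}

# Constructed sample device output (not from a real device); the ".backup"
# package and the service class names are made up.
SAMPLE_PM='package:com.android.chrome
package:com.vyblystudio.dotslinkpuzzles
package:com.littleray.skineditorforpeminecraft.backup
package:com.littleray.skineditorforpeminecraft'
SAMPLE_A11Y='com.google.android.marvin.talkback/.TalkBackService:com.vyblystudio.dotslinkpuzzles/crc64.Svc'

triage "$SAMPLE_PM" "$SAMPLE_A11Y"

# Against a connected device:
# triage "$(adb shell pm list packages)" \
#        "$(adb shell settings get secure enabled_accessibility_services)"
# Remove a hit with: adb uninstall <package>
```

A hit marked ACCESSIBILITY deserves priority, since the accessibility grant is what the article describes the malware seeking after installation.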