Uploading applications with hidden malware to the Google Play Store has become a business model for many. As we have seen in the past, new variants come out very frequently, putting every Android user at risk because they can be complicated to detect.
Security company McAfee made another malware discovery when it identified 15 applications with a very intricate built-in backdoor. The malware, dubbed Xamalicious, tries to gain accessibility privileges on phones through social engineering, meaning it attempts to manipulate the user into consenting to these privileges. The malware then communicates with a server and assesses whether it should download a payload onto the device that takes full control of it.
The size of the damage
According to McAfee, these applications may have infected at least 327,000 devices through the Google Play Store. While these applications have been removed from the store, Android users who previously downloaded them, and may not be aware of it, should delete them immediately. Furthermore, this malware is continuously repackaged to produce new infections, which means that the threat persists.
The infected users were reported to be in the USA, Brazil, and Argentina. In Europe, the UK, Spain and Germany were particularly targeted.
The list of applications
- Essential Horoscope for Android
- 3D Skin Editor for PE Minecraft
- Logo Maker Pro
- Auto Click Repeater
- Count Easy Calorie Calculator
- Sound Volume Extender
- LetterLink
- NUMEROLOGY: PERSONAL HOROSCOPE &NUMBER PREDICTIONS
- Step Keeper: Easy Pedometer
- Track Your Sleep
- Sound Volume Booster
- Astrological Navigator: Daily Horoscope & Tarot
- Universal Calculator
- Dots: One Line Connector
- CashMagnet
What to look out for
The biggest red flag in this type of exploit is that it requires the user to consent to accessibility services. This means that users have to look out for any application that requests access to accessibility services without a clear and defined reason. Any application that keeps trying to ‘convince’ you to grant this access is to be avoided unless it is for a genuine use case.
Furthermore, one should always have security measures in place for when a device is ultimately compromised. Use security software that is always up to date, and make sure your passwords are managed by a password manager that adds another safety layer.
Source:
McAfee: Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices