McAfee identifies malware that has potentially compromised 327,000 Android devices. If you downloaded any of these 13 apps from Google Play, uninstall them now.
We're ending the year with another crop of malicious Android apps you should delete from your phone ASAP.
The McAfee Mobile Research Team uncovered apps in Google Play and third-party app stores that are infected with malware it's dubbed Xamalicious because it's "implemented with Xamarin, an open-source framework that allows building Android and iOS apps with .NET and C#."
Once installed, a malicious app "tries to gain accessibility privileges with social engineering and then it communicates with the command-and-control server to evaluate whether or not to download a second-stage payload." If the second-stage payload is installed, it can take full control of your device, meaning "it has the potential to perform any type of activity like a spyware or banking trojan without user interaction," McAfee says.
The apps can also do things like install other apps or click on ads without your consent. The Cash Magnet app, for example, automatically clicks ads and installs apps to fraudulently generate revenue, while users think they're earning points that can be redeemed for a retail gift card.
"This means that the developers behind these threats are financially motivated and drive ad-fraud therefore this might be one of the main payloads of Xamalicious," McAfee says.
McAfee identified 25 apps that contain the threat, 13 of which were distributed on Google Play, some as far back as 2020. It notes that "the usage of the Xamarin framework allowed malware authors to stay active and without detection for a long time, taking advantage of the build process for APK files that worked as a packer to hide the malicious code.
"Malware authors also implemented different obfuscation techniques and custom encryption to exfiltrate data and communicate with the command-and-control server," McAfee adds.
McAfee estimates the apps have potentially compromised 327,000 devices from Google Play, in addition to any downloads that were made from third-party markets. Most Xamalicious activity was detected in the US, Brazil, and Argentina, though infections were also reported in the UK, Spain, and Germany.
Google removed the apps from Google Play after McAfee reported them. But there’s a chance you might still have them installed on your device. If so, you should delete them immediately. Here’s the full list of apps (and their package names) that were once on Google Play and how many downloads they received.
- Essential Horoscope for Android (om.anomenforyou.essentialhoroscope) – 100,000 downloads
- 3D Skin Editor for PE Minecraft (com.littleray.skineditorforpeminecraft) – 100,000
- Logo Maker Pro (com.vyblystudio.dotslinkpuzzles) – 100,000
- Auto Click Repeater (com.autoclickrepeater.free) – 10,000
- Count Easy Calorie Calculator (com.lakhinstudio.counteasycaloriecalculator) – 10,000
- Sound Volume Extender (com.muranogames.easyworkoutsathome) – 5,000
- LetterLink (com.regaliusgames.llinkgame) – 1,000
- NUMEROLOGY: PERSONAL HOROSCOPE &NUMBER PREDICTIONS (com.Ushak.NPHOROSCOPENUMBER) – 1,000
- Step Keeper: Easy Pedometer (com.browgames.stepkeepereasymeter) – 500
- Track Your Sleep (com.shvetsStudio.trackYourSleep) – 500
- Sound Volume Booster (com.devapps.soundvolumebooster) – 100
- Astrological Navigator: Daily Horoscope & Tarot (com.Osinko.HoroscopeTaro) – 100
- Universal Calculator (com.Potap64.universalcalculator) – 100
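To check a device or a fleet inventory against the Google Play package names listed above, the following added example (not from McAfee or the original article) filters the output of `adb shell pm list packages`. The helper name `find_flagged` and the sample inventory are constructed for illustration, and the package names are copied exactly as printed in the list.

```shell
#!/bin/sh
# Added example: flag installed packages that match the 13 Google Play
# package names in the list above. Names are copied exactly as printed there.
XAMALICIOUS_PACKAGES='om.anomenforyou.essentialhoroscope
com.littleray.skineditorforpeminecraft
com.vyblystudio.dotslinkpuzzles
com.autoclickrepeater.free
com.lakhinstudio.counteasycaloriecalculator
com.muranogames.easyworkoutsathome
com.regaliusgames.llinkgame
com.Ushak.NPHOROSCOPENUMBER
com.browgames.stepkeepereasymeter
com.shvetsStudio.trackYourSleep
com.devapps.soundvolumebooster
com.Osinko.HoroscopeTaro
com.Potap64.universalcalculator'

# find_flagged (hypothetical helper): reads `pm list packages` output on stdin
# and prints each listed package once, in input order. Accepts both
#   package:com.example.app                       (plain)
#   package:/path/to/base.apk=com.example.app     (with -f)
find_flagged() {
  list=$(printf '%s' "$XAMALICIOUS_PACKAGES" | tr '\n' ' ')
  tr -d '\r' | awk -v list="$list" '
    BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
    /^package:/ {
      pkg = substr($0, 9)          # drop the "package:" prefix
      sub(/.*=/, "", pkg)          # -f form: keep text after the last "="
      sub(/[ \t].*/, "", pkg)      # drop any trailing fields
      # Exact, case-sensitive match: Android package names are case-sensitive.
      if ((pkg in bad) && !seen[pkg]++) print pkg
    }'
}

# Constructed sample inventory (not captured from a real device).
SAMPLE='package:com.android.settings
package:/data/app/~~Qx1==/com.autoclickrepeater.free-aB2==/base.apk=com.autoclickrepeater.free
package:com.devapps.soundvolumebooster
package:com.example.notes'

printf '%s\n' "$SAMPLE" | find_flagged
```

On a connected device, run `adb shell pm list packages | find_flagged`, then `adb uninstall <package>` for each name it prints.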