The best Android phones are once again under attack from malware, and this time a previously unknown backdoor has been used to infect over 300,000 smartphones.
As reported by BleepingComputer, Xamalicious is a new Android backdoor that was found to be hiding in 14 malicious apps on the Google Play Store by the cybersecurity firm McAfee.
The good news is that the bad apps in question have since been removed from Google’s official Android app store. However, the cybercriminals behind this campaign are also using a separate set of 12 malicious apps on unofficial third-party app stores to spread the Xamalicious malware. Those apps have to be sideloaded onto your smartphone, though, since they are installed via an APK file.
Here’s everything you need to know about this new Android malware strain along with some tips and tricks on how you can stay safe from malicious apps.
Delete these apps right now
As I mentioned before, all of the apps listed below have been removed from the Google Play Store. However, if you have any of them installed on your Android smartphone or tablet, you’re going to need to manually remove them. Here are the most popular malicious apps that contain the Xamalicious malware:
- Essential Horoscope for Android – 100,000 installs
- 3D Skin Editor for PE Minecraft – 100,000 installs
- Logo Maker Pro – 100,000 installs
- Auto Click Repeater – 10,000 installs
- Count Easy Calorie Calculator – 10,000 installs
- Dots: One Line Connector – 10,000 installs
- Sound Volume Extender – 5,000 installs
Although some of these malicious apps are newer, McAfee points out in a blog post that variants of them have been distributed on the Play Store since mid-2020. This means that you may have accidentally installed one of them onto your Android device years ago without realizing it. As such, you should go to Settings and then Apps to look through your list of All Apps just to be safe. It’s a good idea to do this from time to time as limiting the number of apps on your phone can also help you stay safe from mobile malware.
Adding a backdoor to your Android smartphone
Xamalicious is a .NET-based Android backdoor that can be embedded in any app developed using the open-source Xamarin framework. Building the apps this way also makes the malicious code they contain more difficult to analyze.
When one of the malicious apps listed above is installed on an Android smartphone, it first requests access to the operating system’s Accessibility Service. If a user grants this access, the malware can perform a number of privileged actions on the infected smartphone, such as performing navigation gestures, hiding on-screen elements and even granting itself additional permissions.
From here, the malware uses a hacker-controlled command and control (C2) server to download a second-stage payload but only after certain prerequisites are met. Xamalicious has a number of capabilities including the ability to gather device info, geographic location data, root info and more.
According to McAfee, the cybersecurity firm’s researchers have also found links between the malware and an ad-fraud app called “Cash Magnet” that automatically clicks on ads and installs adware on a victim’s smartphone. Besides hurting businesses, ad fraud can slow down your smartphone’s performance, eat up your mobile data and wear down your battery, all in the background without your knowledge.
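Because the privileged actions described above depend on Accessibility Service access, one useful check is to list which apps currently have an accessibility service enabled. The script below is an added example, not code from McAfee or the original article: it parses the value returned by `adb shell settings get secure enabled_accessibility_services` and prints every package that is not on an allowlist. The allowlist contents and the sample package names are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: audit which packages have an enabled accessibility service.
# On a real device the raw value comes from:
#   adb shell settings get secure enabled_accessibility_services
# It is a colon-separated list of "package/ServiceClass" entries, or "null".

# Packages you expect to hold accessibility access (assumption: edit for your device).
ALLOWLIST="com.google.android.marvin.talkback"

# unexpected_a11y_packages RAW ALLOWLIST
# Prints one package per line for every enabled service not on the allowlist.
unexpected_a11y_packages() {
    raw=$1
    allow=$2
    # Empty or "null" means no accessibility service is enabled.
    if [ -z "$raw" ] || [ "$raw" = "null" ]; then
        return 0
    fi
    # Strip carriage returns that adb output may carry, then split on ':'.
    printf '%s\n' "$raw" | tr -d '\r' | tr ':' '\n' |
    while IFS= read -r component; do
        [ -n "$component" ] || continue
        pkg=${component%%/*}      # keep the package, drop "/ServiceClass"
        case " $allow " in
            *" $pkg "*) ;;        # expected package, skip it
            *) printf '%s\n' "$pkg" ;;
        esac
    done | sort -u
}

# Constructed sample value; com.example.horoscope is a made-up package name.
SAMPLE='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.horoscope/com.example.horoscope.HelperService'

unexpected_a11y_packages "$SAMPLE" "$ALLOWLIST"
```

Any package this prints that you do not recognize is worth reviewing under Settings and then Accessibility before you decide whether to uninstall it.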
How to stay safe from malicious Android apps
When it comes to protecting yourself from malicious apps, the first and most important thing you can do is to be extra careful when downloading and installing any new app. You want to look closely at an app’s rating and reviews in the Play Store, but since these can be faked, you should also look at external reviews. Video reviews are especially useful here since they show the app in question in action.
At the same time, you also want to avoid sideloading apps, despite how fast and convenient installing an app using an APK file can be. These apps from unofficial third-party app stores don’t go through the same rigorous security checks that apps on official stores do and as such, they could contain malware. This is why you want to stick to official Android app stores like the Google Play Store, Samsung Galaxy Store or the Amazon Appstore.
To keep your data and devices safe, you should also be using one of the best Android antivirus apps on your smartphone. If you’re on a tight budget though, Google Play Protect also scans all of the new apps you download as well as your existing apps for malware. It’s completely free and comes pre-installed on most Android smartphones.
In a statement to Tom's Guide, a Google spokesperson provided further details on how Google Play Protect can help keep you safe from malicious apps, saying:
"Google Play Protect, the on-device malware protection on Android devices with Google Play Services, protects users from this malware both on and off-Play. If a user already had one of these apps known to contain the malware installed, the user received a warning and it was automatically uninstalled from their device. If a user tries to install an app with this identified malware, they'll get a warning and the app will be automatically blocked from being installed."
Malicious apps have proven to be quite successful for hackers and other cybercriminals which is why they likely won’t be going anywhere anytime soon. For this reason, it’s up to you to carefully check and review any new app before you install it onto your devices.