Android Users BEWARE: New ‘Xamalicious’ Malware Found in Apps; Here’s How To Protect Your Phone

A new malware poses a threat to Android users data being stolen, deleted or corrupted; here are ways to protect yourself against it.

New Delhi: An urgent warning for Android users – a recent discovery by McAfee researchers exposes a dangerous new threat: ‘Xamalicious’ malware hidden within seemingly harmless apps on the Google Play Store. Like any other malware it aims to steal data and damage or corrupt you mobiles. It is identified as a backdoor malware and has infected an estimated 338,300 devices, posing a significant risk to your phone’s security and privacy. Read more to know how to defend yourself against it.

Understanding the Xamalicious Threat

Xamalicious operates like a secret “key” for attackers, offering them remote access to your phone. Once installed, it can potentially:

• Steal your sensitive data: Contacts, messages, call logs, financial information, passwords, and more are all vulnerable.
• Hijack your device: Imagine your phone making calls or sending texts without your knowledge – Xamalicious can do just that.
• Track your every move: Your browsing history, app usage, and even location data can be monitored, revealing your entire digital footprint.
• Spread like wildfire: The malware can potentially infect other devices connected to your phone, putting your network at risk.

Were You Affected?

While a full list of infected apps remains unavailable, 14 offenders have been identified, including:

• Essential Horoscope for Android (100,000 downloads)
• 3D Skin Editor for PE Minecraft (100,000 downloads)
• Logo Maker Pro (100,000 downloads)
• Auto Click Repeater (10,000 downloads)

However, beware – this list is not exhaustive. Even if you haven’t noticed any suspicious activity, taking precautions is essential.

Protecting Yourself from Xamalicious

If you suspect Xamalicious might be lurking on your phone, act promptly:

• Uninstall any of the listed apps immediately. Don’t wait for symptoms; better safe than sorry.
• Run a thorough security scan using a reputable antivirus or anti-malware app. Be proactive in hunting down the threat.
• Change your passwords for all potentially breached accounts, including bank accounts, email, social media, and any other sensitive platforms.
• Report the app to Google Play Store by flagging it as “Suspicious activity.” Help protect others from falling victim.

Stay Safe, Stay Informed

Cybersecurity threats constantly evolve, so we recommend taking these additional steps:

• Download apps only from trusted sources: Stick to the official Google Play Store and avoid third-party app stores or shady websites.
• Verify app reviews and ratings: Before installing any app, check what other users are saying. Legitimate apps usually have positive reviews.
• Scrutinise app permissions: Don’t grant unnecessary access, especially to sensitive data like contacts or financial information.
• Keep your device and apps updated: Regularly update your Android OS and app versions to benefit from the latest security patches.
• Enable two-factor authentication: Add an extra layer of security to your sensitive accounts wherever possible.

How the Malware works

Xamalicious operates differently from most Android malware. Its “secret weapon” lies in utilising the .NET framework, often associated with Windows software. This makes it challenging to detect within traditionally Android-focused analysis tools. The malware integrates itself into apps developed using the Xamarin framework, further adding to its camouflage.

Once installed, Xamalicious requests access to the Accessibility Service, a powerful feature meant to assist users with disabilities. Xamalicious exploits this privilege to perform malicious actions like:

• Hiding its icon: Disappearing from your app list makes it harder to find and remove.
• Obtaining additional permissions: It can trick you into granting access to sensitive data like contacts or your microphone.
• Executing keystrokes and gestures: Imagine the malware typing malicious messages or navigating your phone without your knowledge.

The malware then communicates with a remote Command and Control (C2) server, receiving further instructions and potentially downloading additional payloads. However, these downloads happen only if specific criteria are met, such as your geographic location, network connectivity, and device configuration. This stealthy approach adds to the overall complexity of the threat.

Ongoing Investigation and Resources

McAfee researchers continue to analyse Xamalicious and track its spread. They urge users to remain vigilant and report any suspicious activities.

For users concerned about potential infection:

• Manual Scan: If you uninstalled the listed apps but suspect lingering traces, a manual scan with a reputable antivirus app featuring deep scan capabilities is recommended.
• Factory Reset: While a drastic measure, a factory reset with data wipe is the most thorough way to cleanse your device. Remember to back up essential data beforehand.
• Report Suspicious Apps: If you encounter any suspicious apps not on the official list, report them immediately to Google Play Store and relevant cybersecurity organisations.

By staying informed and taking proactive measures, you can significantly reduce the risk of falling victim to malware like Xamalicious and protect your valuable data and privacy in the ever-evolving digital landscape.

Remember, your vigilance and proactive approach are essential in defending your mobile from malicious threats.