New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices

28.12.2023

 

A recently discovered Android backdoor named Xamalicious has been found to possess formidable capabilities, enabling it to execute various malicious actions on compromised devices. Unearthed by the McAfee Mobile Research Team, the malware derives its name from its utilization of the Xamarin open-source mobile app framework and its exploitation of the accessibility permissions within the operating system to carry out its malicious objectives.

Xamalicious exhibits the ability to collect metadata about the infected device and establish communication with a command-and-control (C2) server to acquire a second-stage payload. However, it performs this action selectively, ensuring compatibility before proceeding. The second stage involves the dynamic injection of an assembly DLL at runtime, enabling the malware to seize complete control of the device. Subsequently, it can engage in fraudulent activities such as clicking on ads and installing apps, all with a financial motive and without the user’s consent, as highlighted by security researcher Fernando Ruiz.

McAfee identified 25 applications harboring this active threat, some of which were distributed on the official Google Play Store since mid-2020. The affected apps are estimated to have been downloaded and installed at least 327,000 times, underscoring the widespread impact of this security threat.
