McAfee Raises The Alarm After Android Malware ‘Xamalicious’ On Play Store Infects Hundreds Of Thousands Of Devices
McAfee is raising the alarm over an Android malware family dubbed Xamalicious that wreaked havoc on the Google Play Store. The Android backdoor managed to infect a whopping 338,000 devices through a series of malicious apps found on the Play Store.

McAfee, a member of the App Defense Alliance, discovered close to 14 different infected apps. They each had a staggering 100,000 installations.
While the apps are said to have been removed completely from the Google Play Store, users who downloaded them around the middle of 2020 could still have active versions of the infection on their devices. Removing it would require cleanup and manual scans.

Some of the leading apps that gained popularity included Logo Maker Pro, Sound Volume Extender, Essential Horoscope, 3D Skin Editor, and Count Easy Calorie Counter, amongst others.
Meanwhile, another list was released featuring 12 more malicious apps that continue to pose a threat, but their download figures have yet to be made public. Those apps are mostly distributed through unofficial, third-party app stores, infecting users via APK files that are sideloaded onto the device.

As per data from McAfee, many of these infections were found on devices in Germany, the US, Spain, Australia, Mexico, and Argentina.
The Android backdoor is embedded in apps built with a framework dubbed Xamarin, which makes analysing the code considerably harder. Once installed, it requests access to the Accessibility Service, which enables it to carry out several privileged actions such as hiding elements on the screen, granting itself permissions, and performing navigation gestures with ease.
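A defender-side check that follows from this paragraph: on Android, every accessibility service the user has granted is recorded in the Secure settings table, so an unexpected entry there is the first thing to look for on a device suspected of carrying such a backdoor. The script below is an added example, not code from McAfee or from the article. It parses the string that `adb shell settings get secure enabled_accessibility_services` returns (a colon-separated list of flattened component names) and flags any service whose package is not on an allowlist. The allowlist, the sample setting string and the package names in it are constructed for illustration; the article names no package names, so none of these are real indicators.

```python
"""Flag enabled Android accessibility services that are not on an allowlist.

Added example (not from the McAfee report or the article). The raw value
would normally come from a device over ADB:

    adb shell settings get secure enabled_accessibility_services

The setting is a colon-separated list of "package/ServiceClass" entries.
"""
from typing import List, Tuple

# Constructed allowlist: packages a reviewer has vetted (hypothetical values).
KNOWN_GOOD_PACKAGES = {
    "com.google.android.marvin.talkback",   # TalkBack screen reader
    "com.example.vetted.switchaccess",      # placeholder, not a real package
}

# Constructed sample of what `settings get` might return. The second entry
# uses a placeholder package name; it is NOT a Xamalicious indicator.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService"
    ":com.example.logomaker/.svc.HelperService"
)


def parse_enabled_services(raw: str) -> List[Tuple[str, str]]:
    """Split the Secure-setting string into (package, service_class) pairs.

    `settings get` prints the literal word "null" when the setting is unset,
    so both "null" and an empty string mean no service is enabled.
    """
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    pairs: List[Tuple[str, str]] = []
    for entry in raw.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        # Flattened ComponentName: "pkg/cls" or "pkg/.RelativeCls".
        pkg, sep, cls = entry.partition("/")
        if not sep or not pkg or not cls:
            continue  # malformed entry: skip rather than guess
        if cls.startswith("."):
            cls = pkg + cls  # expand the relative class name
        pairs.append((pkg, cls))
    return pairs


def unexpected_services(raw: str, allowlist=KNOWN_GOOD_PACKAGES) -> List[str]:
    """Return flattened component names whose package is not allowlisted."""
    return [
        f"{pkg}/{cls}"
        for pkg, cls in parse_enabled_services(raw)
        if pkg not in allowlist
    ]


if __name__ == "__main__":
    for component in unexpected_services(SAMPLE_SETTING):
        print("review accessibility grant:", component)
```

On a real device the same check is only a starting point: a flagged service still has to be tied back to the app that registered it (via `adb shell dumpsys package <pkg>`), and an app that has not yet been granted the service will not appear here at all.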
After installation, the app communicates with C2 servers to retrieve the second-stage DLL payload, provided certain prerequisites are met. Given the number of commands it supports, one must wonder what else it is capable of.

By way of illustration, it gathered information about the device's hardware, such as the Android ID, CPU, model, and OS version.
Second, it determined the device's geographical location from its IP address and even obtained a fraud score to evaluate non-genuine users. It then enumerated adProperties to determine whether clients were running on real devices. And lastly, it paved the way to figuring out the rooting status of the device, if any rooting was involved.
The security company also reportedly highlighted a great number of links between the malware and another ad-themed malicious app dubbed Cash Magnet. The latter is an app that clicks on ads through automated means and downloads adware onto the victim's device to generate more revenue for its operators.

It is therefore very possible that the malware carried out ad fraud on several compromised devices, degrading processor performance and consuming network bandwidth in the process.
While Google Play is not immune to malware uploads, initiatives such as the App Defense Alliance tend to detect and remove novel threats surfacing on the official store. The same cannot be said for poorly regulated app sources.

So how can users avoid such ordeals in the first place? Android users should restrict themselves to essential apps and, before downloading, carefully read reviews and check the background of the app's source.