Security Alert: If you installed these apps, remove 'Xamalicious' now | What it is and how to stay safe?

Security experts at McAfee have uncovered a sneaky Android backdoor named 'Xamalicious,' infecting over 338,000 devices through malicious apps on Google Play.

Written By: Vishal Upadhyay New Delhi Published on: December 28, 2023 14:55 IST

A security discovery by McAfee reveals a sneaky Android backdoor named 'Xamalicious,' infecting around 338,300 devices through malicious apps available on Google Play. McAfee identified 14 infected apps on Google Play, with three of them accumulating 100,000 installs each.

User Impact

Although these apps are now removed from Google Play, users who installed them since mid-2020 might still have active infections, requiring manual cleanup and scanning.

Popular Infected Apps

The most popular among these infected apps include:

  • Essential Horoscope for Android
  • 3D Skin Editor for PE Minecraft 
  • Logo Maker Pro
  • Auto Click Repeater
  • Count Easy Calorie Calculator
  • Dots: One Line Connector
  • Sound Volume Extender

Spread Through Unapproved Stores

In addition to Google Play, 12 malicious apps carrying the Xamalicious threat are spread through unapproved third-party app stores. Users become infected by downloading APK (Android package) files from these sources.

Geographical Impact

The infections are widespread, with the majority found on devices in the United States, Germany, Spain, the UK, Australia, Brazil, Mexico, and Argentina, according to McAfee's telemetry data.

What is Xamalicious? 

Xamalicious is a .NET-based Android backdoor hidden within apps built using the open-source Xamarin framework, which makes code analysis more challenging. It gains Accessibility Service access upon installation, allowing it to execute privileged operations like navigation gestures and hiding on-screen objects.
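Because the backdoor depends on Accessibility Service access, one manual check is to list which user-installed apps currently hold that access. The script below is an added example, not code from McAfee or from this article; the sample package names are constructed, and it assumes a device reachable over adb with USB debugging enabled.

```shell
#!/bin/sh
# Added example: report third-party packages that have an enabled
# Accessibility Service. Sample data below is constructed (hypothetical
# package names) in the formats printed by:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3
SAMPLE_A11Y='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.horoscope/.core.HelperService'
SAMPLE_THIRD_PARTY='package:com.example.horoscope
package:com.example.notes'

# third_party_a11y <enabled_services> <third_party_package_list>
# Prints each third-party package that owns an enabled accessibility
# service, one per line, sorted and de-duplicated.
third_party_a11y() {
    # Some adb builds emit CRLF line endings; strip the carriage returns.
    installed=$(printf '%s\n' "$2" | tr -d '\r')
    printf '%s\n' "$1" | tr -d '\r' | tr ':' '\n' |
    while IFS= read -r component; do
        pkg=${component%%/*}              # entries are "package/class"
        [ -n "$pkg" ] || continue
        [ "$pkg" = "null" ] && continue   # "null" means nothing is enabled
        # Exact, fixed-string match against the "package:<name>" lines.
        if printf '%s\n' "$installed" | grep -Fxq "package:$pkg"; then
            printf '%s\n' "$pkg"
        fi
    done | sort -u
}

# Offline demonstration on the constructed sample.
third_party_a11y "$SAMPLE_A11Y" "$SAMPLE_THIRD_PARTY"

# Against a real device, pass the live output instead:
#   third_party_a11y \
#     "$(adb shell settings get secure enabled_accessibility_services)" \
#     "$(adb shell pm list packages -3)"
```

Any package this prints that you do not recognise as an accessibility tool you chose to enable is a candidate for review and removal.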

C2 Server Interaction

After installation, Xamalicious communicates with a Command and Control (C2) server to retrieve the second-stage DLL payload ('cache.bin') if specific conditions related to geography, network, device configuration, and root status are met.

This discovery underscores the importance of staying vigilant while downloading apps, even from official app stores, and regularly checking for potential threats on your device.

Inputs from IANS
