Xamalicious: Researchers identify new Android backdoor which infected 338,300 devices via malicious apps on Google Play

Experts imagine an Android backdoor named ‘Xamalicious’ has infected roughly 338,300 devices via malicious apps on Android’s app retailer Google Play.

McAfee, a member of the App Defense Alliance, found 14 infected apps on Google Play, with three having 100,000 installs every, reported Bleeping Computer.

Even although the apps have since been faraway from Google Play, customers who put in them since mid-2020 may nonetheless carry energetic Xamalicious infections on their telephones, requiring guide scans and cleanup, the information portal reported.

McAfee’s telemetry knowledge confirmed a lot of the infections had been reported from devices within the United States, Germany, Spain, the U.Okay., Australia, Brazil, Mexico, and Argentina.

What is Xamalicious?

Xamalicious is a .NET-based Android backdoor embedded (within the type of ‘Core.dll’ and ‘GoogleService.dll’) inside apps developed utilizing the open-source Xamarin framework, making the evaluation of its code tougher, reported Bleeping Computer.

Upon set up, it requests entry to the Accessibility Service, enabling it to carry out privileged actions like navigation gestures, disguise on-screen parts, and grant extra permissions to itself, the information portal reported.