In a recent discovery, McAfee researchers have detected a concerning threat within the Android landscape, a sophisticated backdoor malware named 'Xamalicious.' Targeting approximately 327,000 devices, this insidious software made its way through deceptive apps lurking on the Google Play Store. Crafted using Xamarin, an open-source framework for developing Android and iOS apps with .NET and C#, Xamalicious employs social engineering to acquire accessibility privileges, as detailed in a recent blog post by the McAfee Mobile Research Team.
Once successful, the malware establishes a connection with a command-and-control server, determining whether to deploy a second-stage payload. This dynamic payload, injected as an assembly DLL at runtime, grants the attacker full control over the compromised device.
We are now on WhatsApp. Click to join.
The ramifications of this backdoor are severe, potentially leading to unauthorized activities such as ad clicks, app installations, and other financially motivated actions without the user's knowledge or consent. The second-stage payload, armed with powerful accessibility services obtained in the initial stage, can take complete control of the infected device. This includes functions for self-updating the main APK, opening the door to various activities, ranging from spyware to banking trojans, all without requiring user interaction.
The report disclosed that the Xamalicious malware was discovered in 14 compromised apps, three of which had already amassed 100,000 installations each before being swiftly removed from the Play Store. While these apps are no longer accessible, users who may have inadvertently downloaded them are strongly urged to delete the applications from their devices
Mobile
Target
Google
Software
Android
malware
social