Xamalicious: Researchers identify new Android backdoor which infected 338,300 devices via malicious apps on Google Play

Experts believe an Android backdoor named ‘Xamalicious’ has infected approximately 338,300 devices via malicious apps on Android’s app store Google Play.

New Android malware infects 338,300 devices via malicious apps on Google Play. Photo Courtesy: Unsplash

McAfee, a member of the App Defense Alliance, discovered 14 infected apps on Google Play, with three having 100,000 installs each, reported Bleeping Computer.

Even though the apps have since been removed from Google Play, users who installed them since mid-2020 might still carry active Xamalicious infections on their phones, requiring manual scans and cleanup, the news portal reported.

McAfee’s telemetry data showed most of the infections were reported from devices in the United States, Germany, Spain, the U.K., Australia, Brazil, Mexico, and Argentina.

 What is Xamalicious?

Xamalicious is a .NET-based Android backdoor embedded (in the form of ‘Core.dll’ and ‘GoogleService.dll’) within apps developed using the open-source Xamarin framework, making the analysis of its code more challenging, reported Bleeping Computer.

Upon installation, it requests access to the Accessibility Service, enabling it to perform privileged actions like navigation gestures, hide on-screen elements, and grant additional permissions to itself, the news portal reported.