Begin typing your search above and press return to search.
proflie-avatar
Login
exit_to_app
DEEP READ
Munambam Waqf issue decoded
access_time 16 Nov 2024 10:48 PM IST
Ukraine
access_time 16 Aug 2023 11:16 AM IST
Foreign espionage in the UK
access_time 22 Oct 2024 2:08 PM IST
Netanyahu: the world’s Number 1 terrorist
access_time 5 Oct 2024 11:31 AM IST
exit_to_app
Homechevron_rightTechnologychevron_right330K devices infected...

330K devices infected via malicious apps on Google Play

text_fields
bookmark_border
330K devices infected via malicious apps on Google Play
cancel

New Delhi: Researchers have discovered that a backdoor for Android known as "Xamalicious" has infected over 338,300 devices using malicious Google Play apps.

14 malicious apps were found on Google Play by computer security software provider McAfee, three of which had 100,000 installs each, according to Bleeping Computer.

Although the apps have been removed from Google Play, users who installed them since mid-2020 may still have active Xamalicious infections on their phones, which require manual cleanup and scanning.

The most popular of the Xamalicious apps include -- Essential Horoscope for Android (100,000 installs), 3D Skin Editor for PE Minecraft (100,000 installs), Logo Maker Pro (100,000 installs), Auto Click Repeater (10,000 installs), Count Easy Calorie Calculator (10,000 installs), Dots: One Line Connector (10,000 installs), and Sound Volume Extender (5,000 installs).

In addition, a distinct group of 12 malicious apps carrying the Xamalicious threat is disseminated on unapproved third-party app stores, infecting users via downloading APK (Android package) files, the report mentioned.

The majority of infections were installed on devices in the United States, Germany, Spain, the UK, Australia, Brazil, Mexico, and Argentina, according to McAfee telemetry data.

Xamalicious is a.NET-based Android backdoor that is placed (as 'Core.dll' and 'GoogleService.dll') within apps built with the open-source Xamarin framework, making code analysis more difficult.

It asks Accessibility Service access upon installation, allowing it to perform privileged operations such as navigation gestures, hide on-screen objects, and grant itself further permissions.

Following installation, it contacts the C2 (command and control) server to retrieve the second-stage DLL payload ('cache.bin') if certain geographical, network, device configuration, and root status requirements are met.


With inputs from IANS

Show Full Article
TAGS:malwareGoogle Play
Next Story