Researchers find new Android backdoor which infected 338,300 devices via malicious apps
Experts believe an Android backdoor named 'Xamalicious' has infected approximately 338,300 devices via malicious apps on Android's app store Google Play.
McAfee, a member of the App Defense Alliance, discovered 14 infected apps on Google Play, with three having 100,000 installs each, reported Bleeping Computer.
Even though the apps have since been removed from Google Play, users who installed them since mid-2020 might still carry active Xamalicious infections on their phones, requiring manual scans and cleanup, the news portal reported.
McAfee's telemetry data showed most of the infections were reported from devices in the United States, Germany, Spain, the U.K., Australia, Brazil, Mexico, and Argentina.
What is Xamalicious?
Xamalicious is a .NET-based Android backdoor embedded (in the form of 'Core.dll' and 'GoogleService.dll') within apps developed using the open-source Xamarin framework, making the analysis of its code more challenging, reported Bleeping Computer.
Upon installation, it requests access to the Accessibility Service, enabling it to perform privileged actions like navigation gestures, hide on-screen elements, and grant additional permissions to itself, the news portal reported.
Support Our Journalism
We cannot do without you.. your contribution supports unbiased journalism
IBNS is not driven by any ism- not wokeism, not racism, not skewed secularism, not hyper right-wing or left liberal ideals, nor by any hardline religious beliefs or hyper nationalism. We want to serve you good old objective news, as they are. We do not judge or preach. We let people decide for themselves. We only try to present factual and well-sourced news.