338,000 Google Play Users infected with 'Xamalicious' Malware

338,000 Google Play Users infected with 'Xamalicious' Malware

News by Roberto Orosa
Published: December 29, 2023

Several Google Play apps were spotted to have the "Xamalicious" Malware, infecting an estimated 338,000 Android users that have downloaded them.

McAfee's cybersecurity team found 14 apps carrying the new Android backdoor, with some having over 100,000 downloads. 

These apps include Essential Horoscope for Android, 3D Skin Editor for PE Minecraft, and Logo Maker Pro, all of which have 100,000 installs each. Other infected apps include Auto Click Repeater and Count Easy Calorie Calculator.

Xamalicious, a .NET-based malware embedded in these apps, was developed using the Xamarin framework.

Once an app containing this is installed, it will request users for access to the Accessibility Service, which lets it conduct actions such as navigation and allows itself to grant permissions. 

The malware is also able to gather device and hardware information such as Android model and brand, geographical information of the device such as IP address, and more — placing the user's cybersecurity at risk. 

While the apps have been removed from Google Play upon discovering they contain dangerous malware, users who have downloaded these apps between 2020 and now are still at risk of Xamalicious actively infecting their phones.

Users at risk include those in the U.S., Spain, the U.K., Australia, Brazil, Argentina and Mexico.

Subscribe to Spotlight Newsletter
Subscribe to our newsletter to get the latest industry news