Security News > 2023 > December > New Xamalicious Android malware installed 330k times on Google Play
A previously unknown Android backdoor named 'Xamalicious' has infected approximately 338,300 devices via malicious apps on Google Play, Android's official app store.
Even though the apps have since been removed from Google Play, users who installed them since mid-2020 might still carry active Xamalicious infections on their phones, requiring manual scans and cleanup.
GetURL: Requests the second-stage payload from the C2 server by providing the Android ID and receives the status and potentially an encrypted assembly DLL. McAfee has also found links between Xamalicious and an ad-fraud app called 'Cash Magnet,' which automatically clicks ads and installs adware on the victim's device to generate revenue for its operators.
Although Google Play isn't immune to malware uploads, initiatives like the App Defense Alliance aim to detect and remove novel threats that appear on the app store, which isn't the case on unofficial and poorly moderated platforms.
Google Play adds security audit badges for Android VPN apps.
Avast confirms it tagged Google app as malware on Android phones.
News URL
Related news
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)