Thousands of unsuspecting Android users downloaded these 25 apps — potentially allowing cyber crooks to control their device remotely, install apps, and hide what's really happening on-screen
New malware strain "Xamalicious" has been discovered lurking in the Google Play Store
Security experts have identified 25 new apps that could cause chaos for Android users.
The malware, known Xamalicious, is designed to take control of your device so that it can install further software onto your smartphone or tablet. It’s also used to click adverts behind your back to generate revenue for the hackers, the experts from anti-virus firm McAfee have warned.
This new strain of malware was discovered inside 14 applications available in the Google Play Store. Three of these apps had been installed on over 100,000 devices before the McAfee experts were able to get Google to remove them from the digital store.
While these apps are no longer available to download — that only stops new victims from getting infected by the bogus software. The thousands who have already downloaded these apps will need to manually remove them from their Android phones, tablets, or Chromebooks to be safe.
McAfee data reveals most of the installations took place in the UK, United States, Brazil, Spain and Germany.
A further 11 apps laced with Xamalicious were discovered online outside of the Play Store. These were only available to those who manually install software via APK from other sources, so impacts a much smaller number of Android devices.
To be able to remotely install software onto your Android phone, hackers had to be able to control what’s happening on-screen without any physical access to your device. Xamalicious was able to do this through accessibility features built-into Android for legitimate software.
All 25 dangerous apps sought to convince Android users to grant access to accessibility features during the installation process. If that request was approved, these troubling apps could hide on-screen elements so you wouldn’t be able to see anything awry as the malicious code started to install new apps or clicked adverts to fill cyber crooks’ bank accounts.
“Avoid using apps that require accessibility services unless there is a genuine need for use. If a new app tries to convince you to activate accessibility services claiming that it’s required without a real and reasonable reason and requesting to ignore the operative system warning, then it’s a red flag,” experts from McAfee advise.
Google works hard to keep malware out of its Play Store, so that Android users can install apps without worrying about cyber attacks. Dubbed Google Play Protect, this system scans 125 billion apps daily across Android devices to protect you from malware and unwanted software.
If the AI-powered system finds a potentially harmful app, Google Play Protect can take certain actions such as sending you a warning, preventing an app install, or disabling the app automatically.
However, digital crooks are getting smarter all of the time and apps will slip through the net. We’ve got the full list of all 13 malicious apps spotted by McAfee researchers in the Google Play Store below.
If you find any of these on your devices — don’t wait for Google Play Protect to kick-in, just delete them now.
LATEST DEVELOPMENTS
All of the malicious apps identified by researchers were built with Xamarin, an open-source framework that allows building Android and iOS apps with .NET and C#.
This is behind the Xamalicious name of the malware, but might also explain why some of the apps — first launched onto the Google Play Store back in 2020 — took so long to find.
The researchers conclude: “Android applications written in non-java code with frameworks such as Flutter, react native and Xamarin can provide an additional layer of obfuscation to malware authors that intentionally pick these tools to avoid detection and try to stay under the radar of security vendors and keep their presence on apps markets.”
