New 'Xamalicious' malware detected in many Android apps, over 327,000 devices compromised
McAfee's cybersecurity experts have uncovered a new strain of malware, named Xamalicious, that is specifically targeting Android devices. This malicious software has been detected in numerous popular apps available on the Google Play Store.
The McAfee Mobile Research Team found that the malware implements an Android backdoor using Xamarin, an open-source framework that facilitates the creation of Android and iOS apps with .NET and C#. Xamalicious attempts to gain accessibility privileges through social engineering. Once these privileges are secured, it communicates with a command-and-control server to determine whether a second-stage payload should be downloaded.
The second-stage payload, once downloaded, can assume full control over the infected device. This is possible because of the extensive accessibility privileges granted during the malware's first stage.
McAfee has identified approximately 25 different malicious apps carrying this threat. Some variants of these apps have been available on Google Play since mid-2020. Google has proactively removed the apps identified in McAfee's report from Google Play.
Based on the number of installations, it is estimated that at least 327,000 devices may have been compromised by these apps through Google Play. This figure does not include installations from third-party markets.

Comments
This is why I use open-source apps as much as I can, because they are more controlled.