James in Tech

New Android malware family has infected thousands of devices – here’s what we know

Cybersecurity researchers at McAfee have discovered more than a dozen malicious apps lurking in the Google Play Store.

The researchers claim that these apps contained powerful malware, which could steal sensitive data from the infected Android devices and possibly even commit ad fraud.

The apps were downloaded no less than 330,000 times.

Accessibility service

According to the researchers, the backdoor is called “Xamalicious” and has been discovered so far in the following apps:

– Essential Horoscope for Android – 100,000 installs

– 3D Skin Editor for PE Minecraft – 100,000 installs

– Logo Maker Pro – 100,000 installs

– Auto Click Repeater – 10,000 installations

– Count Easy Calorie Calculator – 10,000 installations

– Points: one line connector – 10,000 installations

– Sound volume extender – 5,000 installations

After labeling them as malicious, Google removed these apps from the app repository.

While Google's move is commendable, this move does not protect users who have already downloaded the apps in the past, some of which have reportedly been available for download since mid-2020. They will have to remove them manually and use an anti-virus or cleaning program to remove any loose ends.

The majority of victims were found in the US, Britain, Germany, Spain, Australia, Brazil, Mexico and Argentina.

To work properly, the malware asks the victim for permission to access the Accessibility Service, which is often a red flag and should help most people distinguish a malicious app from a legitimate one.

That said, if Accessibility is enabled, the malware can collect device and hardware information including Android ID, brand, CPU, model, OS version, language, developer options status, SIM information, and firmware. Moreover, it can identify the physical location of the device, the name of the ISP, the organization and the services. It also comes with a few features that allow you to determine whether it is installed on an original device or on an emulator.

Finally, the malware can extract a second-stage payload from the C2 server.

Through BleepingComputer

More from Ny Breaking

Next Read: America's most expensive steak? Manhattan restaurant is offering $20K meal for two on New Year's Eve that comes with gold-wrapped Wagyu steak and unlimited Dom Perignon (but you STILL have to tip!) »

Top 3 Methods for Installing Apps on Fire TV Stick from External Sources
Plenty of apps in the market feature a variety of content for different people. You…
What are the Top Key Innovations in Fintech?
In the dynamic finance landscape, staying ahead of the curve is crucial, and India's burgeoning…
Revolutionizing Comfort: Unveiling the Hot Trends in Heat Pump Hot Water Systems
In the ever-evolving landscape of sustainable living, Australians are embracing a new era of energy…