A new backdoor hides in calculators and step counters to spy on Android users

Brother

Apps carrying the Xamalicious malware have already been installed from Google Play more than 327,000 times.

Analysts at McAfee have identified a new Android backdoor, named Xamalicious. According to the researchers, it is built on the open-source Xamarin mobile framework and abuses Android's accessibility permissions to achieve its goals.

Xamalicious first collects metadata about the device and checks whether it is a suitable target for the operators' fraud; only then does it contact the command-and-control (C2) server to fetch a second-stage payload. That second stage is delivered as a DLL (a .NET assembly, since the app is Xamarin-based) rather than as ordinary Android code, which is why it goes unnoticed, and it gives the operators full access to and control over the infected phone.

Once in control, the backdoor can silently carry out a range of fraudulent actions: simulating clicks on ads, installing apps without the user's knowledge, harvesting sensitive data, and executing other commands that generate illicit revenue for the operators.

McAfee identified 25 applications carrying Xamalicious. Some of them have been distributed through the official Google Play store since mid-2020 and together have been installed more than 327,000 times. The infected apps include popular horoscope and fortune-telling apps, as well as sound-tuning utilities, calculators, step counters, and other everyday tools.

To hide the traffic, the operators encrypt all communication between the infected device and the C2 server: on top of HTTPS, the messages themselves are wrapped in JSON Web Encryption (JWE) using the RSA-OAEP algorithm, so a TLS-intercepting proxy still sees only ciphertext at the application layer.
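Even without the RSA private key, the JWE protected header is cleartext (base64url-encoded JSON) and tells a responder the key-management and content-encryption algorithms and the RSA key size, which is enough to recognise the transport in captured request bodies or proxy logs. The following key-less JWE triage routine is an added example written for this page; it is not code from McAfee or from the malware, and the sample token below is constructed here (its segments after the header are random bytes, and the "enc" value is an assumption, not a claim about what Xamalicious uses).

```python
import base64
import json
import secrets


def _b64url(raw: bytes) -> str:
    """base64url without padding, as JOSE serialisations use."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    """Restore the padding JWE strips, then decode."""
    padded = segment + "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(padded)


# Constructed sample: a JWE in compact serialisation whose protected header
# declares RSA-OAEP key management. The other four segments are random bytes
# standing in for the wrapped CEK, IV, ciphertext and tag; this is not real
# Xamalicious traffic, and "A128CBC-HS256" is an assumed enc value.
SAMPLE_HEADER = {"alg": "RSA-OAEP", "enc": "A128CBC-HS256"}
SAMPLE_JWE = ".".join([
    _b64url(json.dumps(SAMPLE_HEADER, separators=(",", ":")).encode()),
    _b64url(secrets.token_bytes(256)),  # CEK wrapped with a 2048-bit RSA key
    _b64url(secrets.token_bytes(16)),   # IV
    _b64url(secrets.token_bytes(48)),   # ciphertext
    _b64url(secrets.token_bytes(16)),   # authentication tag
])


def inspect_jwe(token: str) -> dict:
    """Parse a compact JWE with no key and report header fields and segment sizes.

    Raises ValueError for anything that is not structurally a JWE.
    """
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError(f"expected 5 segments, got {len(parts)}")
    header = json.loads(_b64url_decode(parts[0]))
    if not isinstance(header, dict) or "alg" not in header or "enc" not in header:
        raise ValueError("protected header lacks alg/enc; not a JWE")
    alg = str(header["alg"])
    sizes = [len(_b64url_decode(p)) for p in parts[1:]]
    return {
        "alg": alg,
        "enc": str(header["enc"]),
        "encrypted_key_len": sizes[0],
        "iv_len": sizes[1],
        "ciphertext_len": sizes[2],
        "tag_len": sizes[3],
        # For RSA key management the wrapped-key length equals the modulus size.
        "rsa_key_bits": sizes[0] * 8 if alg.startswith("RSA") else None,
    }


def looks_like_jwe(blob: str) -> bool:
    """Cheap filter for scanning captured request bodies or log fields."""
    try:
        inspect_jwe(blob)
        return True
    except (ValueError, TypeError):
        return False


if __name__ == "__main__":
    print(inspect_jwe(SAMPLE_JWE))
```

The header alone does not decrypt anything: with RSA-OAEP the client encrypts under the server's public key, so captured traffic from the device side is only readable with the operators' private key. What the triage does give you is a reliable signature (five dot-separated base64url segments, a header with `alg`/`enc`, a wrapped-key length matching an RSA modulus) for spotting the same transport in other samples or in network captures.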

McAfee also reported a link between Xamalicious and Cash Magnet, an ad-fraud app used for mass app downloads and for simulating clicks on banner ads.

According to the McAfee researchers, using non-standard languages and frameworks such as Flutter, React Native, and Xamarin helps malware developers stay undetected for longer, since the app logic then lives outside the Dalvik bytecode that most Android analysis tooling inspects. Google said that Google Play Protect protects Android users from this threat both on and off the Play Store.
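A first triage step for a suspicious APK is therefore to establish which framework it is built on, because that decides which tooling to reach for (a .NET decompiler for Xamarin assemblies rather than a DEX decompiler, for instance). The fingerprinter below is an added example written for this page, not code from McAfee; it inspects only the APK's zip entry names, the marker paths are the ones these frameworks are known to ship (Xamarin: `assemblies/` and `libmonodroid.so`; Flutter: `libflutter.so`, `libapp.so`, `assets/flutter_assets/`; React Native: `libreactnativejni.so`, `assets/index.android.bundle`), and the sample APKs are constructed in-memory zips with dummy contents.

```python
import io
import zipfile

# Entry-name markers per framework. Each marker is (match kind, pattern).
FRAMEWORK_MARKERS = {
    "xamarin": [
        ("prefix", "assemblies/"),           # .NET assemblies (or an assemblies.blob store)
        ("suffix", "/libmonodroid.so"),      # Mono runtime glue for Android
        ("suffix", "/libmonosgen-2.0.so"),   # Mono runtime itself
    ],
    "flutter": [
        ("suffix", "/libflutter.so"),        # Flutter engine
        ("suffix", "/libapp.so"),            # AOT-compiled Dart code
        ("prefix", "assets/flutter_assets/"),
    ],
    "react_native": [
        ("suffix", "/libreactnativejni.so"),
        ("exact", "assets/index.android.bundle"),  # bundled JavaScript
    ],
}


def _entry_names(apk_bytes: bytes) -> list:
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return zf.namelist()


def fingerprint_frameworks(apk_bytes: bytes) -> dict:
    """Return {framework: sorted matching entry names} for every framework with a hit.

    An empty dict means none of the known markers were found; it does not
    prove the app is plain Java/Kotlin, since markers can be renamed or packed.
    """
    names = _entry_names(apk_bytes)
    hits = {}
    for framework, markers in FRAMEWORK_MARKERS.items():
        matched = set()
        for kind, pattern in markers:
            for name in names:
                if (kind == "prefix" and name.startswith(pattern)) or \
                   (kind == "suffix" and name.endswith(pattern)) or \
                   (kind == "exact" and name == pattern):
                    matched.add(name)
        if matched:
            hits[framework] = sorted(matched)
    return hits


def list_managed_assemblies(apk_bytes: bytes) -> list:
    """For a Xamarin app, list the managed assemblies that would need decompiling.

    Newer Xamarin.Android builds may pack them into a single assemblies.blob
    instead of loose .dll files, so both are reported.
    """
    return sorted(
        n for n in _entry_names(apk_bytes)
        if n.startswith("assemblies/") and (n.endswith(".dll") or n.endswith(".blob"))
    )


def build_sample_apk(entries) -> bytes:
    """Constructed stand-in for an APK: a zip with the given entry names and dummy bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")  # binary AXML placeholder
        zf.writestr("classes.dex", b"dex\n035\x00")
        for name in entries:
            zf.writestr(name, b"\x00")
    return buf.getvalue()


# Constructed samples (not real malware): a Xamarin-style layout and a plain native one.
SAMPLE_XAMARIN_APK = build_sample_apk([
    "assemblies/MyApp.dll",
    "assemblies/Mono.Android.dll",
    "lib/arm64-v8a/libmonodroid.so",
])
SAMPLE_PLAIN_APK = build_sample_apk(["lib/arm64-v8a/libnative.so"])


if __name__ == "__main__":
    print(fingerprint_frameworks(SAMPLE_XAMARIN_APK))
    print(list_managed_assemblies(SAMPLE_XAMARIN_APK))
    print(fingerprint_frameworks(SAMPLE_PLAIN_APK))
```

Two caveats a practitioner should keep in mind: the check is on zip entry names only, so it costs nothing to run over a large corpus but is trivially evaded by renaming or repacking, and a negative result never clears an app. The accessibility-service declaration that Xamalicious depends on lives in the binary-encoded AndroidManifest.xml, which this script does not decode; confirming that requires a manifest decoder such as the one in apktool or androguard.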

According to Google, if one of these apps is already installed, Play Protect warns the owner and removes it from the device automatically; new installation attempts are blocked at the verification stage.

The disclosure of Xamalicious coincided with a separate McAfee report on an attack against Indian users with a banking Trojan. The attackers distribute the malware via WhatsApp, disguised as banking apps. Victims are tricked into installing it and granting it access to their text messages, which the scammers then use to obtain account credentials and make unauthorized transactions.

According to McAfee, India is the country most affected by this banking Trojan, although infections have also been detected elsewhere.