Google removes 13 infected Android apps
Google has removed 13 apps infected with Xamalicious malware, several of which were distributed on the Google Play store. However, Google can’t remotely remove the apps from a user’s phone if they have already been downloaded. The malicious apps were discovered by McAfee’s research team, which described Xamalicious as an Android backdoor built on the Xamarin open-source mobile app platform.
Applications contaminated with Xamalicious employ social engineering strategies to acquire accessibility privileges. Once this is achieved, the device discreetly initiates communication with a command-and-control server.
Subsequently, the server downloads a second payload onto the phone, enabling it to "take full control of the device and potentially engage in fraudulent actions, such as clicking on ads, installing apps, and other financially motivated actions without user consent."
“The usage of the Xamarin framework allowed malware authors to stay active and without detection for a long time, taking advantage of the build process for APK files that worked as a packer to hide the malicious code,” says McAfee’s Mobile Research Team. “In addition, malware authors also implemented different obfuscation techniques and custom encryption to exfiltrate data and communicate with the command-and-control server.”
Google spokesperson Ed Fernandez said that Google Play Protect shields users from malware no matter where it comes from. If an Android user did download one of these apps, they would have received a warning, and it would have been automatically uninstalled. Also, if they tried to install the app after the malware was identified, they would get a warning, and Android would block them from downloading it.