Xamalicious: Android malware affected more than 327,000 smartphones

A new malware, named Xamalicious by the McAfee Mobile Research Team, is spreading online at an impressive speed.

This backdoor was developed using an open-source mobile app framework called Xamarin, which makes it capable of abusing the accessibility permissions of Android devices.

Among the capabilities shown by Xamalicious are collecting metadata about the compromised phone, evaluating the device's potential value, and potentially sending the packet to a command and control server.

The second phase of the infection involves injecting an assembly DLL at runtime, with the aim of taking full control of the device and performing actions remotely, from the installation of additional malicious apps up to manipulations of various types.

Xamalicious: the malware was detected in 25 apps

What impressed security experts most, however, were the numbers relating to its spread. Xamalicious has been identified in as many as 25 different apps and, again according to insiders, it was installed at least 327,000 times.

Apparently, some of the apps involved in this operation have been present on the Google Play Store since as early as mid-2020. Among the software identified as carriers of the malware are:

  • Essential Horoscope for Android
  • 3D Skin Editor for PE Minecraft
  • Logo Maker Pro
  • Auto Click Repeater
  • Count Easy Calorie Calculator
  • Sound Volume Extender
  • LetterLink
  • NUMEROLOGY: PERSONAL HOROSCOPE & NUMBER PREDICTIONS
  • Step Keeper: Easy Pedometer
  • Track Your Sleep
  • Sound Volume Booster
  • Astrological Navigator: Daily Horoscope & Tarot
  • Universal Calculator.

Researcher Fernando Ruiz explained how cybercriminals manage to spread Xamalicious while evading security systems: “The malware authors encrypted all communications and data transmitted between C2 and the infected device, not only protected by HTTPS, but also encrypted as JSON Web Encryption (JWE) tokens using RSA-OAEP with a 128CBC-HS256 algorithm.”
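For defenders inspecting decrypted app traffic (for example behind a TLS-inspecting proxy), the JWE layer described in the quote is still recognizable by its shape even though its contents are not readable. The following triage helper is an added example, not code from McAfee or from the malware; it assumes the tokens use the standard JWE compact serialization (RFC 7516) with the header names `RSA-OAEP` and `A128CBC-HS256` registered in RFC 7518, and the sample token is constructed.

```python
import base64
import json
import re

# JWE compact serialization (RFC 7516): five base64url segments joined by dots:
# protected header . encrypted key . IV . ciphertext . authentication tag
JWE_COMPACT = re.compile(
    r"(?<![\w.-])([\w-]+)\.([\w-]*)\.([\w-]+)\.([\w-]+)\.([\w-]+)(?![\w.-])",
    re.ASCII,
)

def _b64url_decode(segment):
    # JOSE strips "=" padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def find_jwe_tokens(body):
    """Return alg/enc and segment sizes for each JWE compact token in body."""
    findings = []
    for match in JWE_COMPACT.finditer(body):
        header_b64, key_b64, _iv, ct_b64, _tag = match.groups()
        try:
            header = json.loads(_b64url_decode(header_b64))
            key_len = len(_b64url_decode(key_b64))
            ct_len = len(_b64url_decode(ct_b64))
        except ValueError:
            continue  # dotted string whose segments are not base64url/JSON
        if not isinstance(header, dict) or "enc" not in header:
            continue  # a JWE protected header always carries "enc"
        findings.append({
            "alg": header.get("alg"),
            "enc": header["enc"],
            "wrapped_key_bytes": key_len,
            "ciphertext_bytes": ct_len,
        })
    return findings

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample with dummy bytes in every segment; not captured traffic.
SAMPLE_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "RSA-OAEP", "enc": "A128CBC-HS256"}).encode()),
    _b64url(b"\x01" * 256),  # size of a key wrapped with 2048-bit RSA
    _b64url(b"\x02" * 16),   # IV
    _b64url(b"\x03" * 48),   # ciphertext
    _b64url(b"\x04" * 16),   # tag
])
SAMPLE_BODY = '{"device":"constructed","payload":"' + SAMPLE_TOKEN + '"}'

if __name__ == "__main__":
    print(find_jwe_tokens(SAMPLE_BODY))
```

A hit is only a lead: JWE is also used by legitimate software, so the finding is worth most when the sending app (a horoscope or calculator utility, say) has no obvious reason to wrap its HTTPS payloads in a second layer of public-key encryption.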

Since the apps involved are present on the official store, users are advised to pay the utmost attention when installing new software, especially when it asks for permissions that are suspicious with respect to the activities it must carry out. A reliable and constantly updated antivirus can then provide an additional level of assurance.
