13 Malicious Android Apps You Should Delete Immediately


We’re ending the year with another crop of malicious Android apps you should delete from your phone ASAP.

The McAfee Mobile Research Team uncovered apps in Google Play and third-party app stores that are infected with malware it’s dubbed Xamalicious because it’s “implemented with Xamarin, an open-source framework that allows building Android and iOS apps with .NET and C#.”

Once installed, a malicious app “tries to gain accessibility privileges with social engineering and then it communicates with the command-and-control server to evaluate whether or not to download a second-stage payload.” If the second-stage payload is installed, it can take full control of your device, meaning “it has the potential to perform any type of activity like a spyware or banking trojan without user interaction,” McAfee says.

The apps can also install other apps or click on ads without your consent. The Cash Magnet app, for example, automatically clicks ads and installs apps to fraudulently generate revenue, while users think they’re earning points redeemable for a retail gift card.

“This means that the developers behind these threats are financially motivated and drive ad-fraud therefore this might be one of the main payloads of Xamalicious,” McAfee says.

McAfee identified 25 apps that contain the threat, 13 of which were distributed on Google Play, some as far back as 2020. It notes that “the usage of the Xamarin framework allowed malware authors to stay active and without detection for a long time, taking advantage of the build process for APK files that worked as a packer to hide the malicious code.

“Malware authors also implemented different obfuscation techniques and custom encryption to exfiltrate data and communicate with the command-and-control server,” McAfee adds.

McAfee estimates the apps have potentially compromised 327,000 devices from Google Play, in addition to any downloads that were made from third-party markets. Most Xamalicious activity was detected in the US, Brazil, and Argentina, though infections were also reported in the UK, Spain, and Germany. 

Google removed the apps from Google Play after McAfee reported them. But there’s a chance you might still have them…
