McAfee identifes malware that has potentially compromised 327,000 Android devices. If you downloaded any on these 13 apps from Google Play, uninstall them now.
We're ending the year with another crop of malicious Android apps you should delete from your phone ASAP.
The McAfee Mobile Research Team uncovered apps in Google Play and third-party app stores that are infected with malware it's dubbed Xamalicious because it's "implemented with Xamarin , an open-source framework that allows building Android and iOS apps with .NET and C#."
Once installed, a malicious app "tries to gain accessibility privileges with social engineering and then it communicates with the command-and-control server to evaluate whether or not to download a second-stage payload." If the second-stage payload is installed, it can take full control of your device, meaning "it has the potential to perform any type of activity like a spyware or banking trojan without user interaction," McAfee says.
The apps can also do things like install other apps or click on ads without your consent. The Cash Magnet app, for example, automatically clicks ads and installs apps to fraudulently generate revenue; users think they're earning points to be redeemable as a retail gift card.
This means that the developers behind these threats are financially motivated and drive ad-fraud therefore this might be one of the main payloads of Xamalicious," McAfee says.
McAfee identified 25 apps that contain the threat, 13 of which were distributed on Google Play, some as far back as 2020. It notes that "the usage of the Xamarin framework allowed malware authors to stay active and without detection for a long time, taking advantage of the build process for APK files that worked as a packer to hide the malicious code.
"Malware authors also implemented different obfuscation techniques and custom encryption to exfiltrate data and communicate with the command-and-control server," McAfee adds.
McAfee estimates the apps have potentially compromised 327,000 devices from Google Play, in addition to any downloads that were made from third-party markets. Most Xamalicious activity was detected in the US, Brazil, and Argentina, though infections were also reported in the UK, Spain, and Germany.
Google removed the apps from Google Play after McAfee reported them. But there’s a chance you might still have them installed on your device. If so, you should delete them immediately. Here’s the full list of apps (and their package names) that were once on Google Play and how many downloads they received.
Essential Horoscope for Android (om.anomenforyou.essentialhoroscope) – 100,000 downloads
3D Skin Editor for PE Minecraft (com.littleray.skineditorforpeminecraft) – 100,000
Logo Maker Pro (com.vyblystudio.dotslinkpuzzles) – 100,000
Auto Click Repeater (com.autoclickrepeater.) – 10,000
Count Easy Calorie Calculator (com.lakhinstudio.counteasycaloriecalculator) – 10,000
Sound Volume Extender (com.muranogames.easyworkoutsathome) – 5,000
LetterLink (com.regaliusgames.llinkgame) – 1,000
NUMEROLOGY: PERSONAL HOROSCOPE &NUMBER PREDICTIONS (com.Ushak.NPHOROSCOPENUMBER) – 1,000
Step Keeper: Easy Pedometer (com.browgames.stepkeepereasymeter) – 500
Track Your Sleep (com.shvetsStudio.trackYourSleep) – 500
Sound Volume Booster (com.devapps.soundvolumebooster) – 100
Astrological Navigator: Daily Horoscope & Tarot (com.Osinko.HoroscopeTaro) – 100
Universal Calculator (com.Potap64.universalcalculator) – 100