In a new security discovery, McAfee revealed the existence of a sneaky Android backdoor named Xamalicious, which has infected around 338,000 devices through malicious apps available on Google Play.
The backdoor is hidden within apps built using the open-source Xamarin framework, making it challenging to detect and analyse.
According to McAfee's telemetry data, the majority of infections were found on devices in the United States, Germany, Spain, the UK, Australia, Brazil, Mexico, and Argentina.
The 14 infected apps identified by McAfee include popular titles such as Essential Horoscope for Android, 3D Skin Editor for PE Minecraft, Logo Maker Pro, Auto Click Repeater, Count Easy Calorie Calculator, Dots: One Line Connector, Sound Volume Extender, and more.
Once installed, Xamalicious gains access to the device's sensitive data and system functions through the Accessibility Service, allowing it to execute privileged operations like navigation gestures and hiding on-screen objects.
The backdoor also communicates with a Command and Control (C2) server to retrieve a second-stage DLL payload ("cache.bin") if specific conditions related to geography, network, device configuration, and root status are met.
This discovery highlights the importance of staying vigilant while downloading apps, even from official app stores.
Users are advised to regularly check their devices for potential threats and take necessary measures to protect their data and system from malware infections.
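One way to do such a check, as an added example that is not from McAfee or the original article: this Python helper flags apps that both hold an enabled Accessibility Service and are built with Xamarin, the combination described above. It assumes the service list comes from `adb shell settings get secure enabled_accessibility_services` and that each app's APK has already been pulled from the device. The marker file names are a heuristic for Xamarin-built apps, not a Xamalicious signature, and the package names in the sample are constructed.

```python
import io
import zipfile

# Heuristic markers: files the Xamarin.Android toolchain packages into an APK.
XAMARIN_MARKERS = ("libmonodroid.so", "libxamarin-app.so", "assemblies.blob")

def is_xamarin_apk(apk):
    """True if the APK (path or file object) carries Xamarin/Mono runtime files."""
    with zipfile.ZipFile(apk) as z:
        for name in z.namelist():
            if name.rsplit("/", 1)[-1] in XAMARIN_MARKERS:
                return True
            if name.startswith("assemblies/") and name.endswith(".dll"):
                return True
    return False

def accessibility_packages(setting_value):
    """Parse the colon-separated 'package/ServiceClass' list into package names."""
    value = (setting_value or "").strip()
    if value in ("", "null"):  # 'null' is printed when no service is enabled
        return set()
    return {c.split("/", 1)[0] for c in value.split(":") if "/" in c}

def triage(setting_value, apks, allowlist=()):
    """Packages that have an enabled accessibility service AND are Xamarin-built.

    apks maps package name -> APK path or file object; allowlist holds packages
    the owner knowingly granted accessibility access to.
    """
    enabled = accessibility_packages(setting_value) - set(allowlist)
    return sorted(p for p in enabled if p in apks and is_xamarin_apk(apks[p]))

def make_sample_apk(names):
    """Build an in-memory ZIP with empty entries (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, b"")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Constructed sample: hypothetical package names and APK contents.
    setting = "com.example.horoscope/.HelperService:com.example.reader/.ReadAloud"
    apks = {
        "com.example.horoscope": make_sample_apk(["classes.dex", "lib/arm64-v8a/libmonodroid.so"]),
        "com.example.reader": make_sample_apk(["classes.dex"]),
    }
    print(triage(setting, apks))
```

A hit only means the app deserves a closer look, since legitimate Xamarin apps can also request accessibility access.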