Following the recent alert advising millions of Android users to check for the ‘SpyLoan’ malware, a new threat named ‘Xamalicious’ has emerged. Disguised within various apps on Google’s Play Store, this backdoor has prompted concerns. McAfee’s report highlights that the trojan is associated with health, games, horoscopes, and productivity apps. Although Google has removed the apps from its store, McAfee cautions that many are still accessible via third-party marketplaces, urging Android users to exercise caution.
These apps employ deceptive tactics to manipulate users into granting accessibility privileges, allowing them unauthorized control over normally restricted device features. Among the warnings conveyed in this report, this particular aspect deserves heightened attention and concern.
This marks the second accessibility warning for Android users within a month. The first involves the resurgence of the “Chameleon” trojan, which manipulates users into granting accessibility requests, exploiting Android’s recently enhanced “restricted settings.” In this instance, the trojan compromises a device’s biometric security, posing a significant risk of financial information theft.
ThreatFabric, the entity that detected this latest variant, cautions about the manipulation of accessibility settings and dynamic activity launches. They emphasize that the new Chameleon is a sophisticated Android malware strain. However, it’s essential to clarify that the malware remains benign unless users willingly grant access, allowing it to infect their devices with its advanced capabilities.
As for Xamalicious, the following are the Play Store apps that require immediate deletion—keep in mind that Google banning an app from its store doesn’t remove it from your device. Although this warning is associated with download numbers still in the hundreds of thousands rather than millions, it’s crucial to note that there might be additional installs from third-party stores, especially for those venturing onto that particularly risky terrain.
Xamalicious Apps:
- Essential Horoscope for Android
- 3D Skin Editor for PE Minecraft
- Logo Maker Pro
- Auto Click Repeater
- Count Easy Calorie Calculator
- Sound Volume Extender
- LetterLink
- Numerology: Personal Horoscope & Number Predictions
- Step Keeper: Easy Pedometer
- Track Your Sleep
- Sound Volume Booster
- Astrological Navigator: Daily Horoscope & Tarot
- Universal Calculator
Xamalicious employs a straightforward method to gain privileges, enabling communication with its command and control server. Once installed, it transmits comprehensive device information, including hardware, OS, installed apps, location, and network details. At this point, it receives instructions to download and install malicious code, leading to device control or background activity.
On the other hand, the recently identified Chameleon variant takes a different approach by masquerading as a Google Chrome app. However, it exploits the same accessibility privilege abuse for account and device takeovers. This trojan circumvents biometric authentication, opting for a PIN instead, allowing it to pilfer user account credentials. While biometric data remains secure, the forced switch to PIN authentication bypasses biometric protection entirely.
harmful apps might request changes to settings that jeopardize your device or data. To shield against such threats, certain device settings are restricted upon app installation. These restrictions can only be altered if you grant permission for restricted settings.
Google warns
As Google cautions Android users, “harmful apps might request changes to settings that jeopardize your device or data. To shield against such threats, certain device settings are restricted upon app installation. These restrictions can only be altered if you grant permission for restricted settings.”
The solution is straightforward—refrain from granting such privileges to ANY app unless it originates from a reputable brand like Apple, Google, or Microsoft and genuinely necessitates such access based on your specific use of the app.
Google’s more open approach to app permissions and the availability of apps outside its official store, in contrast to Apple, does come with a trade-off. While it provides users with more flexibility, it also increases the vulnerability to Play Store malware compared to Apple’s more tightly controlled App Store.
