Google banned 13 infected Android apps, so delete them from your phone

For what will hopefully be the last time in 2023, we have a few more malicious Android apps to warn you about. The McAfee Mobile Research Team recently uncovered 25 apps infected with Xamalicious malware, several of which were distributed on the Google Play store. Google has since removed the apps, but they might still be on your phone. If so, you should delete them as soon as possible and keep an eye on your accounts.

These are the infected apps that have since been removed from Google Play:

• Essential Horoscope for Android – 100,000 downloads
• 3D Skin Editor for PE Minecraft – 100,000 downloads
• Logo Maker Pro – 100,000 downloads
• Auto Click Repeater – 10,000 downloads
• Count Easy Calorie Calculator – 10,000 downloads
• Sound Volume Extender – 5,000 downloads
• LetterLink – 1,000 downloads
• NUMEROLOGY: PERSONAL HOROSCOPE &NUMBER PREDICTIONS – 1,000 downloads
• Step Keeper: Easy Pedometer – 500 downloads
• Track Your Sleep – 500 downloads
• Sound Volume Booster – 100 downloads
• Astrological Navigator: Daily Horoscope & Tarot – 100 downloads
• Universal Calculator – 100 downloads

As the McAfee researchers explain, Xamalicious is an Android backdoor built on the Xamarin open-source mobile app platform. Apps infected with Xamalocious use social engineering tactics to gain accessibility privileges, at which point the device begins communicating with a command-and-control server without the device owner being any the wiser.

That server then downloads a second payload on to the phone that can “take full control of the device and potentially perform fraudulent actions such as clicking on ads, installing apps among other actions financially motivated without user consent.”

“The usage of the Xamarin framework allowed malware authors to stay active and without detection for a long time, taking advantage of the build process for APK files that worked as a packer to hide the malicious code,” says McAfee’s Mobile Research Team. “In addition, malware authors also implemented different obfuscation techniques and custom encryption to exfiltrate data and communicate with the command-and-control server.”

Once again, these apps are no longer available to download on Google Play. That’s the good news, but Google can’t remotely remove the apps from your phone if you already downloaded them. Be sure to do a quick sweep of your app list to be safe.

For what will hopefully be the last time in 2023, we have a few more malicious Android apps to warn you about. The McAfee Mobile Research Team recently uncovered 25 apps infected with Xamalicious malware, several of which were distributed on the Google Play store. Google has since removed the apps, but they might still be on your phone. If so, you should delete them as soon as possible and keep an eye on your accounts.

These are the infected apps that have since been removed from Google Play:

• Essential Horoscope for Android – 100,000 downloads
• 3D Skin Editor for PE Minecraft – 100,000 downloads
• Logo Maker Pro – 100,000 downloads
• Auto Click Repeater – 10,000 downloads
• Count Easy Calorie Calculator – 10,000 downloads
• Sound Volume Extender – 5,000 downloads
• LetterLink – 1,000 downloads
• NUMEROLOGY: PERSONAL HOROSCOPE &NUMBER PREDICTIONS – 1,000 downloads
• Step Keeper: Easy Pedometer – 500 downloads
• Track Your Sleep – 500 downloads
• Sound Volume Booster – 100 downloads
• Astrological Navigator: Daily Horoscope & Tarot – 100 downloads
• Universal Calculator – 100 downloads

As the McAfee researchers explain, Xamalicious is an Android backdoor built on the Xamarin open-source mobile app platform. Apps infected with Xamalocious use social engineering tactics to gain accessibility privileges, at which point the device begins communicating with a command-and-control server without the device owner being any the wiser.

That server then downloads a second payload on to the phone that can “take full control of the device and potentially perform fraudulent actions such as clicking on ads, installing apps among other actions financially motivated without user consent.”

“The usage of the Xamarin framework allowed malware authors to stay active and without detection for a long time, taking advantage of the build process for APK files that worked as a packer to hide the malicious code,” says McAfee’s Mobile Research Team. “In addition, malware authors also implemented different obfuscation techniques and custom encryption to exfiltrate data and communicate with the command-and-control server.”

Once again, these apps are no longer available to download on Google Play. That’s the good news, but Google can’t remotely remove the apps from your phone if you already downloaded them. Be sure to do a quick sweep of your app list to be safe.