The McAfee Mobile research team discovered 25 apps that contained the Xamalicious malware.
Some of these apps were installed directly from the Google Play Store, and Google removed them before McAfee even publicly disclosed their names. Most apps infected by Xamalicious are in the categories: games, health, horoscope and productivity.
Although Google removed the Xamalicious-infected apps from the Play Store, McAfee reports that most of them are still available in third-party Stores.
Apps infected with the Xamalicious malware use “social engineering” to gain access privileges that allow a user's device to communicate with a command and control server without the owner's knowledge. At that point, a second piece of malware is downloaded that "will take full control of the device and potentially run malicious actions such as clicking ads, installing financially motivated apps without the user's consent."
Although the infected apps are no longer available on the Play Store, you should remove them from your devices immediately.
The 13 applications are:
Package Name | App Name | installs |
com.anomenforyou.essentialhoroscope | Essential Horoscope for Android | 100,000 |
com.littleray.skineditorforpeminecraft | 3D Skin Editor for PE Minecraft | 100,000 |
com.vyblystudio.dotslinkpuzzles | Logo Maker Pro | 100,000 |
com.autoclickrepeater.free | Auto Click Repeater | 10,000 |
com.lakhinstudio.counteasycaloriecalculator | Count Easy Calorie Calculator | 10,000 |
com.muranogames.easyworkoutsathome | Sound Volume Extender | 5,000 |
com.regaliusgames.llinkgame | LetterLink | 1,000 |
com.Ushak.NPHOROSCOPENUMBER | NUMEROLOGY: PERSONAL HOROSCOPE & NUMBER PREDICTIONS | 1,000 |
com.browgames.stepkeepereasymeter | Step Keeper: Easy Pedometer | 500 |
com.shvetsStudio.trackYourSleep | Track Your Sleep | 500 |
com.devapps.soundvolumebooster | Sound Volume Booster | 100 |
com.Osinko.HoroscopeTaro | Astrological Navigator: Daily Horoscope & Tarot | 100 |
com.Potap64.universalcalculator | Universal Calculator | 100 |
Agreed