More than 327,000 Android devices have been compromised by the novel Xamalicious malware, most of which are in Brazil, the UK, Australia, the U.S., and Mexico, The Hacker News reports.
Xamalicious has been distributed through 25 health, gaming, productivity, and horoscope apps, some of which have been on the Google Play Store since mid-2020, according to a report from the McAfee Mobile Research Team. The malware leverages Android accessibility permissions to exfiltrate system metadata and deploy a first-stage dropper that enables updating of the primary APK, along with a second-stage payload that could facilitate device takeovers and further malicious actions. "To evade analysis and detection, malware authors encrypted all communication and data transmitted between the C2 and the infected device, not only protected by HTTPS, it's encrypted as a JSON Web Encryption (JWE) token using RSA-OAEP with a 128CBC-HS256 algorithm," said researcher Fernando Ruiz. Xamalicious has also been found to be similar to the Cash Magnet ad-fraud app.
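For defenders reviewing decrypted HTTPS bodies from a sandbox or TLS-inspecting proxy, the following added example (not code from the McAfee report or from the malware) recognises a compact JWE token that uses the algorithms named in the quote. The function names and the sample token are hypothetical and constructed for illustration.

```python
import base64
import json

# Values named in the quoted report; "A128CBC-HS256" is the registered JOSE
# name for the content encryption the quote gives as "128CBC-HS256".
REPORTED_ALG, REPORTED_ENC = "RSA-OAEP", "A128CBC-HS256"


def b64url_decode(segment: str) -> bytes:
    """Decode the unpadded base64url used by JOSE compact serialization."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def parse_compact_jwe(body: str):
    """Return (header, key, iv, ciphertext, tag) for a compact JWE, else None."""
    parts = body.strip().split(".")
    if len(parts) != 5:  # a JWE has five segments; a signed JWT has three
        return None
    try:
        header = json.loads(b64url_decode(parts[0]))
        key, iv, ciphertext, tag = (b64url_decode(p) for p in parts[1:])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    if not isinstance(header, dict):
        return None
    return header, key, iv, ciphertext, tag


def matches_reported_profile(body: str) -> bool:
    """True if body is shaped like an RSA-OAEP / A128CBC-HS256 JWE token."""
    parsed = parse_compact_jwe(body)
    if parsed is None:
        return False
    header, key, iv, ciphertext, tag = parsed
    return (header.get("alg") == REPORTED_ALG
            and header.get("enc") == REPORTED_ENC
            and len(key) > 0            # RSA-wrapped content key is present
            and len(iv) == 16           # AES-CBC IV
            and len(ciphertext) > 0 and len(ciphertext) % 16 == 0
            and len(tag) == 16)         # truncated HMAC-SHA-256 tag


def constructed_token(alg: str, enc: str) -> str:
    """Constructed sample with filler bytes; not captured traffic."""
    header = json.dumps({"alg": alg, "enc": enc}).encode()
    fields = [header, b"\x01" * 256, b"\x02" * 16, b"\x03" * 32, b"\x04" * 16]
    return ".".join(b64url_encode(f) for f in fields)
```

A match only shows that a payload is a JWE with this algorithm pair, which legitimate apps also use, so treat it as a triage signal to combine with other indicators.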