Urgent warning issued to Android users: Delete these malicious apps immediately

New malware infected hundreds of thousands of Android devices before being taken down from the Google Play Store.

Android malware infection
© Patrick Tomasso/Unsplash
Android malware infection

Uploading applications with hidden malware to the Google Play Store has become a business model for many. As we have seen in the past, new implementations of this come out very frequently, putting every Android user at risk as it can be complicated to detect.

Discover our latest podcast

Security company McAfee made another malware discovery when they identified 15 applications with a very intricate backdoor built-in. The malware dubbed Xamalicious tries to gain accessibility privileges to phones through social engineering, meaning it attempts to manipulate the user into consenting to these privileges. The malware then communicates with a server and assesses if it should download a payload onto the device that takes full control of it.

The size of the damage

According to McAfee, these applications may have infected at least 327,000 devices on the Google Play Store. While these applications have been removed from the store, Android users who have previously downloaded them and may not be aware should immediately delete them. Furthermore, this malware is continuously repackaged to produce new infections which means that the threat persists.

The users infected were reported to be in the USA, Brazil, and Argentina. In Europe, The UK, Spain and Germany were particularly targeted.

The list of applications

  • Essential Horoscope for Android
  • 3D Skin Editor for PE Minecraft
  • Logo Maker Pro
  • Auto Click Repeater
  • Count Easy Calorie Calculator
  • Sound Volume Extender
  • LetterLink
  • Step Keeper: Easy Pedometer
  • Track Your Sleep
  • Sound Volume Booster
  • Astrological Navigator: Daily Horoscope & Tarot
  • Universal Calculator
  • Dots: One Line Connector
  • CashMagnet

What to look out for

The biggest red flag in this type of exploit is that it requires the user to consent to accessibility services. This means that users have to look out for any application that requests access to these without a clear and defined reason. Any application that keeps trying to ‘convince’ you to provide these is to be avoided unless it is for a genuine use case.

Furthermore one should always have security measures for when a device is ultimately compromised. Use security software that is always up to date and make sure your passwords are managed by a password manager that adds another safety layer.

Read more:

Safety warning issued to iPhone and Android users: Delete these apps now

Google warns millions to update their Chrome browser over risky bug, here's what you should do


McAfee: Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices

Google warns millions of Android users to delete these apps today Google warns millions of Android users to delete these apps today