Another 13 Android apps have “pierced” the Play Store and have been downloaded hundreds of thousands of times with, inside, a dangerous virus.
New year, old threats: The cybersecurity company McAfee has found 13 other infected apps dangerous for those who download them on Google’s Play Store, which had passed the checks of the Android app store without significant problems.
But that’s not all: among these apps, there is even one that had already been “pinched” four years ago, republished after a quick restyling to camouflage it. These apps had the Android/Xamalicious trojan, capable of thoroughly spying on the phone and the user.
What Are The Infected Apps?
As is often the case when infected apps are discovered, there is a little bit of everything in between: from games to utilities, from horoscopes to graphics apps. This was also the case this time, and McAfee has released the list of infected apps:
- Essential Horoscope for Android
- 3D Skin Editor for PE Minecraft
- Logo Maker Pro
- Auto Click Repeater
- Count Easy Calorie Calculator
- Sound Volume Extender
- Numerology: personal horoscope & number predictions
- Step Keeper: Easy Pedometer
- Track Your Sleep
- Sound Volume Booster
- Astrological Navigator: Daily Horoscope & Tarot
- Universal Calculator
All these apps were present on Google’s Play Store, and, most likely, they are still present in other alternative stores where the security controls are less than those put in place by Google through the Play Protect system.
According to McAfee, the bulk of downloads of these apps took place in South America, but the United States and Europe are also affected by the problem.
One such app, “LetterLink,” is a copy of 2019’s “Cash Magnet,” a scam app that used infected phones to open banner ads in the background.
Why Android/Xamalicious Is Dangerous
Android/Xamalicious is a trojan, a malware that sneaks into your smartphone using encryption techniques to disguise its presence and bypass security controls.
Once inside the phone, however, it takes advantage of the Android app permissions system to gain the ability to spy on the device and, consequently, the user.
Every Android app, even the “clean” ones, asks the user for some permissions during installation to access parts of the device that it needs to function. A photo app, for example, will ask for access to your phone’s camera and storage space. Infected apps usually also ask for what they shouldn’t theoretically ask for; if they get permission, they start spying on the user.
McAfee gives the example of the permissions required by the Numerology: personal horoscope & number predictions app, which include the ability to read and control what appears on the screen and what the user does with other apps through the ability to “track your interactions with an AP or hardware sensors, and interact with apps on your behalf.”
It is clear that if an infected app has these permissions, the Trojan it hides can do whatever it wants on the phone.
How To Defend Yourself From Android/Xamalicious
McAfee found Android/Xamalicious in 13 infected apps, published months ago on the Play Store and then removed by Google, following a report by the cyber security company.
In such cases, the Google Play Protect system autonomously uninstalls infected apps discovered after phone publication without user intervention. But if the user downloaded the app from other sources, such as third-party stores, the Play Protect won’t work, and the app will remain on the phone.
Even Play Protect, however, sometimes does not work 100%. For this reason, our advice is always to check if one of the infected apps is discovered on your phone and, if there is, remove it as soon as possible and then install a good antivirus and thoroughly scan all the files on the device.