There was a time when app stores seemed like the ultimate solution to security problems. However, malware has been found in Android applications, and in no less a place than the official Google store itself.
The mobile research team at antivirus company McAfee claims to have identified malware that could have compromised at least 327,000 Android devices. It was delivered through 13 apps that were downloaded from Google Play and other third-party app stores.
Malware found in Android apps
There is something to be said in favor of the computer criminals: they did not create the malware using proprietary software. The malicious program was named Xamalicious because it was implemented with Xamarin, the open source framework created to build applications for Android and iOS with .NET and C#.
When an application carrying Xamalicious is installed, the malware attempts to obtain access privileges using social engineering techniques and then establishes communication with a control server. The server can order the download of additional software to take complete control of the device. This means that no further user intervention is needed for the attacker to do whatever they want with the device.
Among the things the phone "can do on its own" are installing other applications and clicking on ads. In this way, criminals generate income from applications that pay for site visits or ad views.
The 13 applications we mentioned above are the ones that passed Google Play controls. McAfee found the malware in a total of 25. The researchers believe that the use of the Xamarin framework and the APK file construction process helped hide the malicious code. To this we must add other obfuscation techniques and the use of custom encryption for communication with the control server.
McAfee estimates that among Google Play users alone there are 327,000 compromised devices. Most of them are in the United States, Brazil and Argentina, although cases were also detected in the United Kingdom, Spain and Germany. No information is available about the other stores.
When McAfee notified it, Google removed the apps, but it is recommended to remove them manually from devices.
The titles are:
- Essential Horoscope for Android: Horoscope application with a total of 100,000 downloads.
- 3D Skin Editor for PE Minecraft: Minecraft editor with the same number of downloads.
- Logo Maker Pro: A logo maker that also had 100,000 downloads.
- Auto Click Repeater: This click automator achieved 10,000 downloads.
- Count Easy Calorie Calculator: A calorie counter that reached the same amount.
- Sound Volume Extender: Volume booster app that had 5,000 downloads.
- LetterLink: A game that had 1,000 downloads.
- NUMEROLOGY: PERSONAL HOROSCOPE & NUMBER PREDICTIONS: Horoscope and numerological predictions. The same amount.
- Step Keeper: Easy Pedometer: A step counter with 500 downloads.
- Track Your Sleep: Sleep tracking app reached the same amount.
- Sound Volume Booster: Another volume booster with only 100 downloads.
- Astrological Navigator: Daily Horoscope & Tarot: Another horoscope and tarot with the same amount.
- Universal Calculator: A calculator, equal amount.
Some safety tips
As our grandmothers used to say, even the "sure thing" got taken to prison. We are talking about applications downloaded from the official store. However, we can always reduce the risks with these actions:
- Keep your operating system and applications updated: Software updates often include security patches that protect your device against new malware threats. Make sure you keep your operating system and all applications up to date.
- Download applications only from the Google, Amazon or F-Droid stores, or from your device manufacturer's store. Avoid download sites and sites offering patched paid apps.
- Pay attention to other users' comments and ratings, and to the developers' responses.
- Don't click on just any link, and do not download files from dubious origins.
- Activate two-factor authentication: As annoying as it is, two-factor authentication adds an extra layer of security by asking you for manual confirmation that you are the one logging in.
- Don't use unsecured public Wi-Fi networks: In fact, don't use public networks, period. And, if you insist on doing so, use a virtual private network to encrypt the connection.