Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Android Backdoor Xamalicious Uncovered

December 26, 2023
Reading Time: 2 mins read
in Alerts
Android Backdoor Xamalicious Uncovered

The McAfee Mobile Research Team has uncovered a sophisticated Android backdoor known as Xamalicious, implemented using Xamarin, an open-source framework for building Android and iOS apps with .NET and C#. This malware employs social engineering to gain accessibility privileges, communicating with a command-and-control server to decide whether to download a second-stage payload dynamically injected as an assembly DLL at runtime.

This second stage grants full control of the infected device, enabling potentially fraudulent activities such as ad clicking and app installations without user consent. The malware, financially motivated, exhibits a link with an ad-fraud app named “Cash Magnet,” emphasizing the developers’ profit-driven motives. Xamalicious’s second stage payload leverages accessibility services granted during the first stage, allowing it to self-update the main APK and perform various actions, including spyware or banking Trojan activities, without user interaction.

The malware’s connection to the ad-fraud app highlights its involvement in generating revenue by automatically engaging in deceptive actions. The usage of Xamarin provides a layer of obfuscation, enabling malware authors to remain active and undetected for extended periods, taking advantage of the build process for APK files as a form of hiding the malicious code. The malware authors further implemented obfuscation techniques and custom encryption to exfiltrate data and communicate with the command-and-control server.

Approximately 25 malicious apps carrying the Xamalicious threat have been identified, with some variants distributed on Google Play since mid-2020. McAfee’s proactive removal of these apps from Google Play underscores its commitment to the App Defense Alliance and the malware mitigation program, aiming to prevent the spread of potentially harmful applications. The threat’s impact is substantial, with an estimated compromise of at least 327,000 devices from Google Play installations and additional infections from third-party markets.

The prevalence of Xamalicious underscores the ongoing challenges in combating sophisticated mobile malware, emphasizing the need for users to install security software and stay vigilant against potential threats.

Reference:
  • Android/Xamalicious Stealthy Threat Exploits Xamarin for Device Takeover
Tags: AndroidBackdoorCyber AlertCyber Alerts 2023Cyber RiskCyber threatDecember 2023MalwareMcAfeeXamaliciousXamarin
ADVERTISEMENT

Related Posts

Hackers Use Leaked Shellter License Malware

Windows BitLocker Vulnerability Flaw

July 9, 2025
Hackers Use Leaked Shellter License Malware

Hackers Use Leaked Shellter License Malware

July 9, 2025
Hackers Use Leaked Shellter License Malware

Anatsa Android Trojan Targets 90K Users

July 9, 2025
AMOS Mac Stealer Adds Persistent Backdoor

AMOS Mac Stealer Adds Persistent Backdoor

July 8, 2025
AMOS Mac Stealer Adds Persistent Backdoor

NordDragonScan Malware Steals Windows Data

July 8, 2025
AMOS Mac Stealer Adds Persistent Backdoor

New Ransomware BERT Targets ESXi Systems

July 8, 2025

Latest Alerts

Windows BitLocker Vulnerability Flaw

Anatsa Android Trojan Targets 90K Users

Hackers Use Leaked Shellter License Malware

New Ransomware BERT Targets ESXi Systems

NordDragonScan Malware Steals Windows Data

AMOS Mac Stealer Adds Persistent Backdoor

Subscribe to our newsletter

    Latest Incidents

    Credit Reports Breached And Sold On Dark Web

    Recruiting Software Exposed 26M Resumes

    Norwegian Municipalities Hit by Data Breach

    French Chip Firm Semco Hacked During IPO

    Louis Vuitton Korea Hit By Cyberattack

    Virginia School District Hit By Cyberattack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial