Beware of new Android malware hiding in popular apps

A new Android trojan could be targeting your brand new device. Even more terrifyingly, it was distributed on the Google Play Store. The virus is posing as innocent apps related to health, games, horoscope, and productivity. Google has removed those apps from the Play Store, but not before they were reportedly downloaded by hundreds of thousands of users worldwide and they could still be lurking on the web.

 

What is Xamalicious and how does it work?

The Xamalicious trojan uses innocent apps to bypass your accessibility features. It then takes over your phone using features that are normally locked down to take control of your device. Specifically, the trojan scans your device for any information it can use in a hack: your OS, location, contacts, passwords, and more. It then executes a code to takeover your device and take your information.

So far, the virus has been attached to 13 apps on the Google Play that have since been deleted. Google removing an app from its store doesn’t delete it from your device. If you have any of the following apps installed, delete them immediately:

  • Step Keeper: Easy Pedometer
  • Track Your Sleep
  • Essential Horoscope for Android
  • 3D Skin Editor for PE Minecraft
  • Logo Maker Pro
  • Auto Click Repeater
  • Count Easy Calorie Calculator
  • Sound Volume Extender
  • LetterLink
  • Numerology: Personal Horoscope & Number Predictions
  • Sound Volume Booster
  • Astrological Navigator: Daily Horoscope & Tarot
  • Universal Calculator

The virus doesn’t work alone either. McAfee researchers found a link to another app called “Cash Magnet” which can be installed by Xamalicious. That app automatically clicks ads, installs apps, sends messages, and other actions to fraudulently steal money.

 

MORE: THIS STEALTHY ANDROID MALWARE CAN STEAL YOUR MONEY AND INVADE YOUR PRIVACY

 

How to protect yourself from Xamalicious

It’s important to note that these apps might be available on third-party app markets or online.

1) Stick to official app stores

First, stick to official app stores like the Google Play Store, Amazon App Store, or Samsung Galaxy Store. They all have safeguards in place to detect malware, albeit not 100%.  Google Play Protect, the on-device malware protection on Android devices with Google Play Services, protects you from this malware both on and off-Play. If you already had one of these apps known to contain the malware installed, you would have already received a warning, and it would automatically be uninstalled from your device. If you try to install an app with this identified malware, you’ll get a warning, and the app will be blocked from being installed.

However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices. That’s why we recommend a third-party antivirus software to protect you.

 

2) Have good antivirus software on all your devices

Special for CyberGuy Readers: 

Best Antivirus Protection 2024

 

3) Sideloading is a bad idea

Also, this story is a good reminder of why sideloading is a bad idea. Sideloading is when you download an app straight from a website. While it can be convenient, you never know what might be lurking in those files.

MORE: BEWARE OF THESE POPULAR ANDROID APPS CONTAINING DECEPTIVE ADWARE

 

What should you do if your data is compromised?

If malware has already invaded your device, then you should take immediate action to minimize the damage and secure your device. Here are some steps that you can follow:

Change your passwords

Xamalicious can give hackers access to your online accounts and your personal or financial information. To prevent this, you should change your passwords for all your important accounts as soon as possible. However, you should not do this on your infected device, because the hacker might see your new passwords. Instead, you should use ANOTHER DEVICE, such as your laptop or desktop, to change your passwords. Make sure you use strong and unique passwords that are difficult to guess or break. You can also use a password manager to generate and store your passwords securely.

Monitor your accounts and transactions

You should check your online accounts and transactions regularly for suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible. You should also review your credit reports and scores to see signs of identity theft or fraud.

Use identity theft protection

Xamalicious can access everything on your Android device, including your personal and financial information. Hackers can use this information to create fake accounts in your name, access your existing accounts, and pretend to be you online. This can cause serious damage to your identity and credit score.

To avoid this, you should use identity theft protection services. These services can track your personal information, such as your home title, Social Security Number (SSN), phone number, and email address, and notify you if they detect any suspicious activity. They can also help you freeze your bank and credit card accounts to stop hackers from using them.

One of the best parts of using Identity Guard includes identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.

Special for CyberGuy Readers:  Save up to 51% with my top recommendation is Identity Guard.

Read more of my review of best identity theft protection services here.

Best identity theft protection services 2024

 

Contact your bank and credit card companies

If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should contact your bank and credit card companies and inform them of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you.

Alert your contacts

If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.

Restore your device to factory settings

If you want to make sure that your device is completely free of any malware or spyware, you can restore it to factory settings. This will erase all your data and settings and reinstall the original Android version. You should back up your important data before doing this, and only restore it from a trusted source.

MORE: THE 7 SIGNS YOU’VE BEEN HACKED

 

Kurt’s key takeaways

Viruses like Xamalicious aren’t anything to mess around with, especially when you consider they got around Google’s strict guidelines. That’s why it’s so important that you stay vigilant in the app store. Only download apps from trusted publishers and read reviews.

Are you worried about Xamalicious? What steps are you taking to protect yourself? Let us know in the comments below.

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

Answers to the most asked CyberGuy questions:

 

 

 

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

Related posts

North Korean hackers use disguised apps to target Macs with hidden malware

How to use iPhone’s mic mode for crystal-clear, noise-free calls

Free email services are costing you more than you think