McAfee discovered a new Android backdoor, dubbed "Android/Xamalicious." The malware has been created with the open-source framework Xamarin. The distribution occurs via malicious Android applications available on Google Play. Reportedly abused applications include:
Essential Horoscope
3D Skin Editor
Logo Maker Pro
Auto Click Repeater
Count Easy Calorie Calculator
Sound Volume Extender
LetterLink
Numerology
Step Keeper
Track Your Sleep
Sound Volume Booster
Astrological Navigator
Universal Calculator
Dots Link Puzzles
Once installed, the malicious application operates as a stager responsible for acquiring permissions from the user, downloading, and installing a second-stage malware with the capability to take control of the device. It can perform fraudulent actions, such as clicking on ads and installing apps without user consent.
The malware has a self-update function that enables a wide range of threats, including serving as an access broker for the deployment of additional malware, information stealing, and banking trojan-like activities. However, the main malicious activity observed so far appears to be operating as a bot to perform revenue-generating clicks without any actual user interaction.
Reports suggest over 300 thousand devices have been affected globally.