Sunday, April 14, 2024
HomeTechnologySneaky Android Backdoor 'Xamalicious' Infects Over 300,000 Devices, Raising Vigilance Concerns

Sneaky Android Backdoor ‘Xamalicious’ Infects Over 300,000 Devices, Raising Vigilance Concerns


  • Over 338,000 Android devices infected by “Xamalicious” Android backdoor via malicious apps on Google Play & unofficial stores.
  • Popular apps like Essential Horoscope & 3D Skin Editor for PE Minecraft were infected (now removed from Google Play).
  • Past installations still pose a threat; manual scans and security checks are crucial.
  • Xamalicious uses Accessibility Service to control devices and downloads further payloads from its C2 server.
  • Stay vigilant, use only trusted app stores, and regularly scan your device for potential threats.

A recent security discovery by McAfee has revealed a stealthy Android backdoor named “Xamalicious,” infecting over 338,300 devices worldwide. While the malicious apps responsible have been removed from Google Play, the threat remains for users who installed them between mid-2020 and December 2023. This underscores the importance of vigilance and proactive device security measures.

User Impact: Past Infections Remain a Threat

Although the infected apps are no longer available on Google Play, anyone who installed them during the active period still carries the risk of an active Xamalicious infection. Regular scans and manual checks are crucial to eliminate any lingering traces of the malware.

Some of the most popular infected apps include Essential Horoscope for Android, 3D Skin Editor for PE Minecraft, Logo Maker Pro, and Auto Click Repeater. Users who downloaded these apps are advised to immediately scan their devices and consider a factory reset as a last resort.

Also Read: NASA’s Europa Clipper Project: Name-Sending to Space

Spread Through Unapproved Stores: Sideloading Risks

Beyond Google Play, a separate set of 12 malicious apps carrying Xamalicious targets users who download APK files from unapproved third-party app stores. This highlights the inherent risks associated with sideloading apps, and users should stick to trusted sources like Google Play for their app downloads.

Geographical Impact: Global Reach Highlights Widespread Threat

McAfee’s telemetry data reveals that Xamalicious infections are not geographically limited. Countries like the United States, Germany, Spain, the UK, Australia, Brazil, Mexico, and Argentina have seen a significant number of affected devices, emphasizing the global reach of this threat.

Android Malware
@image: Spiceworks

What is Xamalicious?: Unpacking the Malicious Code

Xamalicious is a .NET-based Android backdoor disguised within apps built using the Xamarin framework, making code analysis complex. It relies on Accessibility Service access to perform privileged actions like navigation gestures, hiding on-screen elements, and even granting itself additional permissions.

C2 Server Interaction: Remote Control & Second-Stage Payload

Following installation, Xamalicious contacts a remote command and control (C2) server. If specific conditions like geographical location, network configuration, and device status are met, the server delivers a second-stage payload that grants even greater control over the infected device.


The Xamalicious discovery serves as a stark reminder of the ever-evolving landscape of cyber threats. Users must remain vigilant when downloading apps, even from official stores, and prioritize robust security measures like antivirus software and regular system scans to protect their devices from such malicious actors.


AI was used to conduct research and help write parts of the article. We primarily use the Gemini model developed by Google AI. While AI-assisted in creating this content, it was reviewed and edited by a human editor to ensure accuracy, clarity, and adherence to Google's webmaster guidelines.

Tech Today India
Tech Today India
Hi,I am the author here at Tech Today India. Hope you like the content.Cheers.

Most Popular

Recent Comments

NVIDIA CES 2024 Highlights: Unveiling the Future From Zero to Hero: These Under 20k Phones Will Level Up Your Life! Google Pixel 8 and Pixel 8 Pro Launch in India Ransomware Group Claims Breach of Sony Group and Threatens to Sell Stolen Data The Ongoing Battle Against Cheaters in Call of Duty