Xamalicious Android malware distributed through the Play Store


McAfee Mobile Research Team discovered a new Android backdoor dubbed Xamalicious that can take full control of the device and perform fraudulent actions.

The malware has been implemented with Xamarin, an open-source framework that allows building Android and iOS apps with .NET and C#.

Xamalicious relies on social engineering to gain accessibility privileges, then it connects to C2 to evaluate whether or not to download a second-stage payload. The malicious payload is dynamically injected as an assembly DLL at runtime level to take full control of the device and perform a broad range of fraudulent actions such as clicking on ads and installing apps.