Beware of new Android malware hiding in popular apps

New virus able to get around Google's strict Play Store protections

'CyberGuy' reveals one spoof you won't find funny

Kurt Knutsson discusses how hackers can send text messages from your phone without you knowing.

A new Android Trojan could be targeting your brand-new device. Even more terrifyingly, it was distributed on the Google Play Store. The virus is posing as innocent apps related to health, games, horoscope, and productivity. Google has removed those apps from the Play Store, but not before they were reportedly downloaded by hundreds of thousands of users worldwide, and they could still be lurking on the web.

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS, AND EASY HOW-TO’S TO MAKE YOU SMARTER

Beware of new Android malware hiding in popular apps

Image of Android (Kurt "CyberGuy" Knutsson)

What is Xamalicious and how does it work?

The Xamalicious Trojan uses innocent apps to bypass your accessibility features. It then takes over your phone using features that are normally locked down to take control of your device. Specifically, the Trojan scans your device for any information it can use in a hack: your OS, location, contacts, passwords, and more. It then executes a code to take over your device and take your information.

So far, the virus has been attached to 13 apps on Google Play that have since been deleted. Google removing an app from its store doesn’t delete it from your device. If you have any of the following apps installed, delete them immediately:

  • Step Keeper: Easy Pedometer
  • Track Your Sleep
  • Essential Horoscope for Android
  • 3D Skin Editor for PE Minecraft
  • Logo Maker Pro
  • Auto Click Repeater
  • Count Easy Calorie Calculator
  • Sound Volume Extender
  • LetterLink
  • Numerology: Personal Horoscope & Number Predictions
  • Sound Volume Booster
  • Astrological Navigator: Daily Horoscope & Tarot
  • Universal Calculator

The virus doesn't work alone either. McAfee researchers found a link to another app called Cash Magnet, which can be installed by Xamalicious. That app automatically clicks ads, installs apps, sends messages, and other actions to fraudulently steal money.

Beware of new Android malware hiding in popular apps

Woman holding Android (Kurt "CyberGuy" Knutsson)

MORE: THIS STEALTHY ANDROID MALWARE CAN STEAL YOUR MONEY AND INVADE YOUR PRIVACY

How to protect yourself from Xamalicious

It's important to note that these apps might be available on third-party app markets or online.

1) Stick to official app stores

First, stick to official app stores like the Google Play Store, Amazon Appstore or Samsung Galaxy Store. They all have safeguards in place to detect malware, albeit not 100%. Android users are protected by Google Play Protect, which can warn you of identified malicious apps on Android devices, but this does not guarantee that all apps are safe.

2) Sideloading is a bad idea

Also, this story is a good reminder why sideloading is a bad idea. Sideloading is when you download an app straight off of a website. While it can be convenient, you never know what might be lurking in those files.

3) Have good antivirus software on all your devices

You should always have good antivirus software running on all your devices. Antivirus software helps protect you from clicking on potentially malicious links or from downloading any dangerous viruses like the Xamalicious Trojan, which could allow hackers to gain access to your personal information. Get my picks for the best antivirus protection winners for your Windows, Mac, Android & iOS devices.

Beware of new Android malware hiding in popular apps

Image of Android (Kurt "CyberGuy" Knutsson)

MORE: BEWARE OF THESE POPULAR ANDROID APPS CONTAINING DECEPTIVE ADWARE

What should you do if your data is compromised?

If malware has already invaded your device, then you should take immediate action to minimize the damage and secure your device. Here are some steps that you can follow.

Change your passwords

Xamalicious can give hackers access to your online accounts and your personal or financial information. To prevent this, you should change your passwords for all your important accounts as soon as possible. However, you should not do this on your infected device, because the hacker might see your new passwords. Instead, you should use ANOTHER DEVICE, such as your laptop or desktop, to change your passwords. Make sure you use strong and unique passwords that are difficult to guess or break. You can also use a password manager to generate and store your passwords securely.

Monitor your accounts and transactions

You should check your online accounts and transactions regularly for suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible. You should also review your credit reports and scores to see signs of identity theft or fraud.

Use identity theft protection

Xamalicious can access everything on your Android device, including your personal and financial information. Hackers can use this information to create fake accounts in your name, access your existing accounts, and pretend to be you online. This can cause serious damage to your identity and credit score.

To avoid this, you should use identity theft protection services. These services can track your personal information, such as your home title, Social Security Number (SSN), phone number, and email address, and notify you if they detect any suspicious activity. They can also help you freeze your bank and credit card accounts to stop hackers from using them. Read more of my review of best identity theft protection services here.

Contact your bank and credit card companies

If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should contact your bank and credit card companies and inform them of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you.

Alert your contacts

If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.

Restore your device to factory settings

If you want to make sure that your device is completely free of any malware or spyware, you can restore it to factory settings. This will erase all your data and settings and reinstall the original Android version. You should back up your important data before doing this, and only restore it from a trusted source.

MORE: THE 7 SIGNS YOU'VE BEEN HACKED

Kurt's key takeaways

Viruses like Xamalicious aren't anything to mess around with, especially when you consider they got around Google's strict guidelines. That's why it's so important that you stay vigilant in the app store. Only download apps from trusted publishers and read reviews.

Are you worried about Xamalicious? What steps are you taking to protect yourself? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Answers to the most asked CyberGuy questions:

Ideas for using those Holiday Gift cards:

Copyright 2024 CyberGuy.com. All rights reserved.

Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Authored by Kurt Knutsson, Cyberguy Report via FoxNews January 2nd 2024