www.verimatrix.com Open in urlscan Pro
Effective URL: https://www.verimatrix.com/cybersecurity/cybersecurity-insights/xamalicious-malware-androids-accessibility-services-exploit...
COMMENTARY


XAMALICIOUS MALWARE: ANDROID’S ACCESSIBILITY SERVICES EXPLOITED ONCE AGAIN

January 29, 2024

In the dynamic world of Android-related threats, a new challenge has emerged,
once again highlighting the vulnerabilities inherent to the mobile OS’s
accessibility services. Dubbed “Xamalicious,” this insidious malware, developed
using Xamarin, an open-source mobile app framework, leverages Android’s
accessibility permissions to execute a range of malicious actions on compromised
devices.

The discovery of Xamalicious underscores a critical weakness in mobile app
security that has been repeatedly highlighted by cybersecurity experts. 

Verimatrix has noted similar issues in the past, with its VMX Labs observing the
abuse of these services in malware such as GoldDigger and Hook. These threats
use accessibility features for harmful activities, such as overlay attacks
and financial data theft. Verimatrix’s Extended Threat Defense system offers a
shield against such abuses.


XAMALICIOUS SNEAKS PAST GOOGLE’S SECURITY MEASURES

Xamalicious follows this troubling trend. Hidden within seemingly benign
applications, such as health, games, and productivity apps, it has been found in
25+ apps on the Google Play Store, amassing over 327,000 installations. Notably,
the most affected apps included “Essential Horoscope for Android,” “3D Skin
Editor for PE Minecraft,” and “Logo Maker Pro.” 

Once installed, Xamalicious gains access to a device’s accessibility services,
enabling it to perform privileged actions without the user’s knowledge or
consent. This capability allows it to click on ads, install apps, and even
update its main Android package file, potentially transforming it into spyware
or a banking trojan.

To elude detection, Xamalicious encrypts communications between the infected
device and its command-and-control server. This encrypted communication, coupled
with its ability to self-update, makes Xamalicious a particularly resilient and
adaptable threat. 

Xamalicious is not limited to direct device manipulation; it has also been
linked to ad fraud activities, significantly impacting device performance and
network bandwidth.

The prevalence of Xamalicious, especially on the official Google Play Store,
raises serious concerns about the security of mobile apps. Despite Google’s
efforts through initiatives like Play Protect and the App Defense Alliance, the
infiltration of this malware into the Play Store highlights the ongoing
challenges of safeguarding users against sophisticated threats.


A CAUTIONARY TALE OF MOBILE APP SECURITY RISKS

For Android users, this situation serves as a crucial cautionary tale,
emphasizing the need for scrutiny when selecting and downloading apps in the
first place. Avoiding third-party sources, limiting app downloads to essentials,
thoroughly reviewing user feedback, and running at least a basic background
check on app developers are critical steps in mitigating the risk of malware
infections.

Additionally, understanding and monitoring the permissions granted to apps can
help in identifying and preventing potential security breaches.
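As an added illustration of the point about monitoring granted permissions (this is example code, not part of the original article or of Verimatrix's tooling): the script below parses the Android Secure Settings value that lists the enabled accessibility services and reports every package holding that capability that is not on a locally defined allowlist. The allowlist, the sample setting string and the package name com.example.horoscope are constructed for the example.

```python
"""Flag Android accessibility services that are not on a known-good allowlist.

Enabled services live in the Secure Settings key
'enabled_accessibility_services' (readable with
`adb shell settings get secure enabled_accessibility_services`) as a
colon-separated list of flattened component names. The sample value used
below is constructed, not read from a real device.
"""
import subprocess
from typing import List, Tuple

# Constructed allowlist: packages expected to hold the accessibility
# capability on a managed fleet. Adjust to your own environment.
ALLOWED_PACKAGES = frozenset({
    "com.google.android.marvin.talkback",  # Android screen reader (TalkBack)
})


def unflatten(component: str) -> Tuple[str, str]:
    """Mirror ComponentName.unflattenFromString: 'pkg/.Cls' -> ('pkg', 'pkg.Cls')."""
    pkg, _, cls = component.partition("/")
    if cls.startswith("."):
        cls = pkg + cls
    return pkg, cls


def parse_enabled_services(setting_value: str) -> List[Tuple[str, str]]:
    """Split the colon-separated setting into (package, class) pairs.

    `settings get` prints the literal string 'null' when the key is unset.
    """
    if not setting_value or setting_value.strip() == "null":
        return []
    return [unflatten(c) for c in setting_value.split(":") if c]


def flag_unexpected(setting_value: str) -> List[str]:
    """Return the packages with accessibility access that are not allowlisted."""
    return sorted({pkg for pkg, _ in parse_enabled_services(setting_value)
                   if pkg not in ALLOWED_PACKAGES})


def read_from_device() -> str:
    """Read the live value over adb; needs a connected, authorized device."""
    out = subprocess.run(
        ["adb", "shell", "settings", "get", "secure", "enabled_accessibility_services"],
        capture_output=True, text=True, check=True)
    return out.stdout.strip()


# Constructed sample: the screen reader plus a hypothetical unrelated app.
SAMPLE = ("com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
          "com.example.horoscope/.SvcAccessibility")

if __name__ == "__main__":
    for pkg in flag_unexpected(SAMPLE):
        print(f"unexpected accessibility service holder: {pkg}")
```

Replace `SAMPLE` with `read_from_device()` to check a real device; a hit is a prompt to review why that app needs accessibility access, not proof of malware.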

Xamalicious’s emergence is yet another call to action for both users and
developers. For users, it’s a reminder to be cautious and informed about the
apps they install and the permissions they grant. For developers and
cybersecurity professionals, it highlights the urgent need to fortify mobile app
security, particularly in areas like accessibility services, which have become a
favored conduit for malicious actors.


WRITTEN BY


DR. KLAUS SCHENK

Dr. Klaus Schenk is senior vice president of security and threat research at
Verimatrix and serves as head of its VMX Labs.
