13 Malicious Android Apps You Need to Remove Immediately

According to BGR , Google has removed these apps from Google Play, but they may still be on users' phones, so experts warn users to remove them as soon as possible and keep an eye on their accounts.

The list of infected apps that have been removed from Google Play includes:

1. Essential Horoscope for Android (100,000 downloads).
2. 3D Skin Editor for PE Minecraft (100,000 downloads).
3. Logo Maker Pro (100,000 downloads).
4. Auto Click Repeater (10,000 downloads).
5. Count Easy Calorie Calculator (10,000 downloads).
6. Sound Volume Extender (5,000 downloads).
7. LetterLink (1,000 downloads).
8. NUMEROLOGY: P ERSONAL HOROSCOPE & NUMBER P REDICTIONS (1,000 downloads).
9. Step Keeper: Easy Pedometer (500 downloads).
10. Track Your Sleep (500 downloads).
11. Sound Volume Booster (100 downloads).
12. Astrological Navigator: Daily Horoscope & Tarot (100 downloads).
13. Universal Calculator (100 downloads).

Xamalicious is an Android backdoor built on the Xamarin open-source mobile application platform, McAfee said. Apps infected with Xamalicious use social engineering tactics to gain access privileges, at which point the device begins communicating with a command-and-control (C&C) server without the device owner's knowledge.

That server then downloads a second payload to the phone, which can “take full control of the device and potentially perform fraudulent actions like clicking on ads, installing apps, and other financially motivated actions without the user’s consent.”

According to McAfee, the use of the Xamarin framework allows malware authors to remain undetected for long periods of time, taking advantage of the APK build process that acts as a packager to hide the malicious code. Additionally, malware authors also deploy various obfuscation techniques and custom encryption to exfiltrate data and communicate with the C&C server.

Again, these apps are no longer available for download on Google Play. That's good news, but Google can't remotely remove them from a user's phone if they've downloaded them.