Beware of these malicious apps if you own a Google Pixel phone

One of the aspects that Google has focused on the most for years is Android security, constantly cleaning its Play Store and establishing new guidelines for the privacy of user data.

However, that does not prevent some apps with malicious intentions from still sneaking in for a short time, among which there are 13 that you should avoid if you want to maintain the security of your data on your Google Pixel (or any Android) phone.

An analysis by the McAfee team found that the Google Play Store hosted 13 apps infected with the Xamalicious malware, three of them having more than 100,000 installations under their belt. It should be noted that these apps were already removed some time ago, but those who have installed them at some point since mid-2020 could be infected by the malware in question.

The full list of apps infected with Xamalicious is as follows:

1. Essential Horoscope for Android: 100,000 installs
2. 3D Skin Editor for PE Minecraft: 100,000 installs
3. Logo Maker Pro: 100,000 installs
4. Auto Click Repeater: 10,000 installs
5. Count Easy Calorie Calculator: 10,000 installs
6. Sound Volume Extender: 5,000 installs
7. LetterLink: 1,000 installs
8. NUMEROLOGY PERSONAL HOROSCOPE & NUMBER PREDICTIONS: 1,000 installs
9. Step Keeper: Easy Pedometer: 500 installs
10. Track Your Sleep: 500 installs
11. Sound Volume Booster: 100 installs
12. Astrological Navigator Daily Horoscope & Tarot: 100 installs
13. Universal Calculator: 100 installs

The report indicates that the security of around 327,000 devices was compromised due to the installation of these apps before they were removed from the Play Store. Also, the largest number of installations of these apps occurred in the United States, Spain, Australia, Germany, the U.K., Argentina, Brazil, and Mexico (not in order).

There are 12 other apps infected with Xamalicious, although these were never in the Play Store but could be installed through alternative app stores, so the installation metrics for those apps are unknown.

Xamalicious is malware that, once installed, seeks to execute some key commands that help it take control of your device and violate both your privacy and the security of your data. It tries to get sensitive information such as your location, the list of apps installed on your device, all the hardware details of your device, obtain root access, and even accessibility permissions, among others.

Plus, even if the malware cannot access any of this data or permissions on your device, its simple execution without you realizing it, can cause a notable decrease in the performance of your device or your network.

It should be noted that, for this type of malware to be successful, the user themselves must grant it the necessary permissions. For example, in the screenshot below, you can see how the ‘NUMEROLOGY PERSONAL HOROSCOPE & NUMBER PREDICTIONS’ app asks the user for sensitive permissions to control what happens on their device:

So, common sense is another security barrier against these types of threats, and you must read carefully what permissions any app requests from you before granting them.

Source