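Security company McAfee recently published a report stating that Android devices are being infected on a large scale by the malware “Xamalicious”. The malware has affected at least 338,300 Android devices, and 14 problematic apps were found on the Google Play Store, one of which has been downloaded more than 100,000 times. McAfee worked with the App Defense Alliance to identify the infected apps and has reported its findings to Google, and corresponding remediation measures have been taken.
“Xamalicious” is a sophisticated background attack that is distributed by being embedded in Android apps. The malware mainly exploits vulnerabilities in the open-source Xamarin framework, an open-source platform that lets developers build Android and iOS apps with .NET. Xamalicious calls two dynamic-link libraries (DLLs), “Core.dll” and “GoogleService.dll”, and requests access to accessibility services in order to perform navigation gestures, hide on-screen elements, and grant itself additional permissions. Once a device is infected with “Xamalicious”, it communicates with a command-and-control (C2) server and waits for instructions to fetch the secondary payload “cache.bin”.
The malware's activity may include ad fraud carried out through an app named “Cash Magnet”, which clicks ads and installs adware without the user's knowledge, generating revenue for the attackers. This abuse degrades device performance and can exhaust network bandwidth.
McAfee said it will continue to monitor the malware's activity and take the necessary measures to keep users safe.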
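A triage check for the indicators described above, as an added example that is not code from McAfee or from this article: it flags an APK that ships both named DLLs and declares an accessibility service. The function names are hypothetical, the sample archive is constructed, and the check assumes the .NET assemblies are stored as individual `.dll` entries in the archive.

```python
import io
import zipfile

# DLL names the article says Xamalicious calls. They are generic names,
# so a match is a reason to review the app, not proof of infection.
SUSPECT_DLLS = {"core.dll", "googleservice.dll"}
# Standard Android permission that every accessibility service declares.
A11Y_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def triage_apk(apk_bytes):
    """Report which of the article's indicators appear in an APK (a zip archive)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = apk.namelist()
        # Assumption: assemblies are plain .dll entries, not packed into a blob.
        dlls = {n.rsplit("/", 1)[-1].lower() for n in names if n.lower().endswith(".dll")}
        try:
            manifest = apk.read("AndroidManifest.xml")
        except KeyError:
            manifest = b""
    # Compiled manifests keep strings as UTF-8 or UTF-16LE, so test both encodings.
    wants_a11y = any(A11Y_PERMISSION.encode(enc) in manifest for enc in ("utf-8", "utf-16-le"))
    found = sorted(SUSPECT_DLLS & dlls)
    return {
        "bundles_dotnet": bool(dlls),
        "suspect_dlls": found,
        "accessibility_service": wants_a11y,
        "review": len(found) == len(SUSPECT_DLLS) and wants_a11y,
    }


def build_sample_apk(files):
    """Build a constructed in-memory archive for the demo (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in files.items():
            archive.writestr(name, data)
    return buf.getvalue()


# Constructed sample: placeholder bytes, only the entry names and permission matter.
SAMPLE_FLAGGED = build_sample_apk({
    "AndroidManifest.xml": b"\x03\x00\x08\x00" + A11Y_PERMISSION.encode("utf-16-le"),
    "assemblies/Core.dll": b"MZ",
    "assemblies/GoogleService.dll": b"MZ",
    "classes.dex": b"dex\n",
})
SAMPLE_CLEAN = build_sample_apk({"AndroidManifest.xml": b"\x03\x00\x08\x00", "classes.dex": b"dex\n"})

if __name__ == "__main__":
    print(triage_apk(SAMPLE_FLAGGED))
    print(triage_apk(SAMPLE_CLEAN))
```

An app flagged for review still needs manual or dynamic analysis, since legitimate Xamarin apps can use the same file names and legitimate apps can provide accessibility services.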
English title: Android devices hit by malicious software, McAfee reports
Source: https://www.ithome.com/0/742/336.htm