A new Android malware that steals and leaks a user’s information silently is making rounds in the Google Play store. According to security researchers at TrendLabs Security Intelligence, who first detected the malware, a Trojan Android ad library called Xavier, is embedded in more than 800 applications on Android’s app store. These applications range from utility apps such as photo manipulators to wallpaper and ringtone changers, Volume Booster, Ram Optimizer and music-video player.
How does Xavier Malware work?
The previous variant of Xavier Ad library was a simple adware with an ability to install other APKs silently on the targeted devices, but in this latest release, the malware comes with some notable features that differentiate it from the earlier ad library. First, it comes with an embedded malicious behavior that downloads codes from a remote server, allowing hackers to remotely execute any malicious code on the targeted device. Second, it goes to great lengths to protect itself from being detected through the use of methods such as String encryption, Internet data encryption, and emulator detection.
The Xavier malware is configured to steal and leak user related information, such as email address, device id, model, OS version, installed apps, etc. Xavier’s stealing and leaking capabilities are difficult to detect because of a self-protect mechanism that allows it to escape both static and dynamic analysis.
Here is an example of an application on Google Play that contains an embedded Xavier ad library:
How much Dangerous is this Malware?
It is feared that Xavier is more widespread and dangerous when compared to Judy, which was found in over 41 apps on the Google Play Store, and infected between 8.5 million to 36.5 million users. In comparison, Xavier has been discovered in over 800 apps, which means it is likely to put a lot more users at risk.
According to TrendLabs, the affected apps have been downloaded millions of times from Google Play and the greatest number of download attempts came from countries in Southeast Asia with fewer downloads from the United States and Europe.
How to defend from the Malware?
TrendLabs Security Intelligence also put out a list of ways to keep devices safe from malware attack. This includes:
- The easiest way to avoid the cunning malware like Xavier is to not download and install applications from an unknown source, even if they are from legitimate app stores like Google Play.
- Be aware of application behavior. App reviews from other users who have downloaded the application can expose the true nature of the app.
- Updating and patching mobile devices will also help keep malware that targets vulnerabilities at bay.
- Make sure you use premium Anti-virus software, which also provides malware protection and internet security
- Never open emails sent from unknown senders
- Never install plugins (for browsers) and application software on your Android phones from unfamiliar publishers