Security experts often advise us not to download applications from third-party sources. But in recent days, researchers have discovered malicious code in apps on the Google Play Store itself.
IT security researchers at Trend Micro have discovered that over 800 different Android apps, downloaded millions of times from the Google Play Store, are infected with a malicious ad library that silently collects sensitive user data and can perform dangerous operations.
The infected apps belong to categories such as photo manipulators, utilities, ringtone changers, anti-virus, volume boosters, speed boosters, video converters, call recorders, and wallpaper apps, and have been downloaded millions of times by users around the world.
The majority of downloads came from countries like Indonesia, the Philippines, and Vietnam, while some of the download attempts were from European countries and the United States.
What does Xavier malware do?
Xavier is not new malware. In fact, it belongs to the AdDown family, which was discovered two years ago with remote code execution capabilities. Its first version appeared in 2015 and was dubbed “Joymobile” by researchers, while Xavier itself was detected in September 2016.
In the latest release, the malware author has replaced those features with more sophisticated ones, including:
Evade Detection: Xavier is designed to escape both static and dynamic malware analysis by checking whether it is running in a controlled environment (an emulator) and by encrypting its data and communications.
Remote Code Execution: The malware has been designed to download code from a remote Command & Control (C&C) server, allowing hackers to remotely execute any malicious code on the targeted device.
Info-Stealing Module: Xavier is configured to steal device- and user-related information, which includes the user’s email address, device ID, model, OS version, country, manufacturer, SIM card operator, resolution, and installed apps.
What should Android users do?
– Do not download applications that are not necessary
– Download applications from the official Play Store and try to stick to trusted brands only
– Verify the permissions you grant to an application during installation
– Install antivirus software and keep it updated