Recently, over 800 applications on the Google Play Store were found to carry a new Android malware called Xavier, which was discovered by cyber security firm Trend Micro. Xavier has a few tricks up its sleeve that make it more dangerous than the usual Android malware. It first emerged back in September 2016 and is a member of the Ad Down malware family, which is known for posing severe threats to Android users.
Most of the apps on the Google Play Store are free for anyone to download, and advertising in these free apps is one of the sources of revenue for their developers. Developers integrate an Android ads SDK library into their apps so that the apps display ads, which usually do not affect the app's main functionality. According to Trend Micro, the malicious ad library is embedded in a great number of Android apps such as photo editors, wallpapers, ringtone changers, phone trackers, RAM optimizers and many more. It is through this ads library that Xavier was able to attach itself to these apps.
According to Trend Micro, Xavier is able to steal and leak the information stored on your Android device. Apart from that, Xavier has the following capabilities:
- It can evade detection: this is one of the reasons Xavier is not your typical malware, because it is built to escape both static and dynamic malware analysis. It does so by checking whether it is being run in a controlled environment (an emulator) and by encrypting its data and communications.
- It has remote code execution: unlike your typical malware, Xavier is designed to download code from a C&C (Command & Control) server, which allows cyber criminals to execute any malicious code on the targeted Android device.
- It can steal your information: as mentioned, Xavier is able to steal the information on your Android device, such as the email address, device ID, model, OS version and all the installed apps, basically everything it can find on the device.
Xavier has mostly affected Southeast Asia; the top three countries, with the highest number of download attempts, are the Philippines, Vietnam and Indonesia. There have been fewer downloads from the United States and from Europe, but that does not mean that users there are any safer than those in the top three affected countries.
Android malware continues to wreak havoc among Android users and has evolved with even more sophistication and unique capabilities as time passes. Android users must therefore be very careful and beware of such threats before it's too late.
To protect yourself against Xavier and other Android malware, you have to be mindful when downloading any app and always be on the lookout for fishy applications, even when you're downloading from the Google Play Store. After all, it is already proven that the Google Play Store is not immune to these kinds of threats. Before you tap the install button, it is best to check the app's user reviews first; that way, you'll know whether the app is a trusted one or not. It also helps to check the background of each app's developers. It may take time, but it's definitely worth it, especially now that Android malware has become rampant. That way you'll know whether these developers or companies are legitimate or not.
We all know that the Google Play Store is not the only place where we can find apps. Some apps aren't available on the Play Store at all and are found on free sharing sites instead. If you're one of those people who are fond of downloading apps from free sharing sites, then you must carefully choose reliable and trusted sites to avoid downloading a corrupted and infected APK file.
Last but definitely not least, having an antivirus application on your device would be a big help in protecting your Android device from malware attacks, since such applications come with security patches that protect your device from vulnerabilities. So if you don't have one yet, you should get one now. And always remember the reminders above when choosing applications.