Xavier is all over the place!
More than 800 Android apps have been found to contain a malicious ad library that quietly collects sensitive user data and can perform dangerous activities. The affected apps can be utility apps, antivirus, volume boosters, call recorders, video converters or any other kind of app.
According to security researchers at Trend Micro, the malicious ad library called “Xavier”, detected as “ANDROIDOS_XAVIER.AXM”, silently steals and leaks the user’s personal information. It comes built into a wide range of Android applications.
The majority of downloads came from countries like Indonesia, the Philippines and Vietnam, while some download attempts came from European countries and the United States.
Xavier’s history and the features of the latest Xavier release
Xavier is not new malware. In fact, it belongs to the AdDown family, which was discovered two years ago and has remote code execution capabilities. Its first version appeared in 2015 and was named “Joymobile” by researchers, while Xavier itself was detected in September 2016.
Earlier, Xavier was harmless, as it was only able to install other application package files. The latest release does much more. It can evade detection by encrypting its data and communications, execute malicious code from a remote server (Command & Control, or C&C server) and steal user and device information.
How does Xavier avoid detection?
The new variant is dangerous and complex, and several of its features make it hard to detect:
1) It encrypts all constant strings, making static detection and manual analysis more difficult.
2) It uses HTTPS for transmission to prevent its traffic from being caught.
3) It sends encrypted data.
4) It can change its behavior based on the running environment.
5) It cannot be easily detected by traditional detection methods.
How to protect yourself?
Google, after being warned about the malware, is removing the infected apps, but this doesn’t mean that the Play Store will be totally malware free or that the malware won’t strike again.
Xavier is a clever piece of malware, thus one should be cautious while downloading an app.
The easiest way to avoid becoming a victim is to be cautious of suspicious applications. Even when downloading from the official Play Store, download only from trusted sources.
Besides, check the reviews left by other users who have downloaded the app, verify the app’s permissions before installing it, and grant only those permissions that are relevant to the app’s purpose.
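The permission check described above can be scripted. The following is an added example, not part of the original article: it parses the text printed by `aapt dump permissions` and flags permissions that do not fit the app’s purpose. The sample output, the app categories and the expected-permission baseline are constructed assumptions for illustration.

```python
import re

# Constructed sample of `aapt dump permissions <apk>` output for a
# hypothetical volume-booster app (not taken from a real APK).
SAMPLE_AAPT_OUTPUT = """\
package: com.example.volumebooster
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.MODIFY_AUDIO_SETTINGS'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: android.permission.ACCESS_FINE_LOCATION
"""

# Assumed baseline of what each app category plausibly needs; adjust as required.
EXPECTED = {
    "volume_booster": {"INTERNET", "MODIFY_AUDIO_SETTINGS"},
    "call_recorder": {"INTERNET", "RECORD_AUDIO", "READ_PHONE_STATE"},
}

# Permissions that expose the user and device data an ad library could collect.
SENSITIVE = {"READ_SMS", "READ_CONTACTS", "ACCESS_FINE_LOCATION",
             "READ_PHONE_STATE", "RECORD_AUDIO", "GET_ACCOUNTS"}

# Accepts both aapt styles: name='android.permission.X' and the older bare form.
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)'?")

def parse_permissions(aapt_output):
    """Return the short names (e.g. READ_SMS) of all requested permissions."""
    perms = set()
    for line in aapt_output.splitlines():
        match = PERM_RE.match(line.strip())
        if match:
            perms.add(match.group(1).rsplit(".", 1)[-1])
    return perms

def review(aapt_output, category):
    """List permissions outside the category baseline, and which are sensitive."""
    unexpected = parse_permissions(aapt_output) - EXPECTED[category]
    return {"unexpected": sorted(unexpected),
            "sensitive": sorted(unexpected & SENSITIVE)}

if __name__ == "__main__":
    print(review(SAMPLE_AAPT_OUTPUT, "volume_booster"))
```

A volume booster that asks to read SMS, contacts and precise location is requesting data unrelated to its purpose, which is the mismatch the advice above asks you to look for.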
Last but not least, you should always use a good, up-to-date antivirus application on your device that can detect and block malware before it can infect your device.
And if you do not want all that hassle, simply download Systweak Anti-Malware. The app has a fairly good rating on the Play Store. It helps you detect corrupt APK files easily and ensures your device’s overall security. You can get it on the Google Play Store.
What is Google doing to ensure tight security for Android?
It is not just Xavier: Android malware continues to advance with each passing day, with never-before-seen capabilities. In our earlier posts we have discussed various Android malware that pose serious threats to your phone’s security. Google has taken action by removing such apps, but this does not guarantee that you are protected. One should be careful while downloading apps.
Android is one of the most targeted smartphone operating systems in the world, so users should always use verified security software to scan their devices.
To protect users from such attacks, Google is paying hackers and security researchers $200,000 for reporting bugs in Android.
Make sure you are doing your bit too!