Categories: Security

Xavier Malware Found in Androids Can Steal Your Information

Although each Google Play app submission must pass through a machine-aided and human approved review process to determine the safety of the app, viruses continue to plague app store users. Beware of the most recent ad library-based trojan, nicknamed Xavier. It bypassed the Google Play security system through the installation of free apps and was downloaded on Android smartphones across the globe. The Full Virus Scan feature could have protected Android users from this attack, which is why you should download now for future security threats:

This new version of the AdDown malware family is present in as many as 800 separate apps available through the Google Play store, according to a recent study from Trend Micro. Security researchers detected the malicious ad library in a wide range of applications, from utility apps such as photo editors to downloadable ringtones. While instances of hacking through this trojan were most successful in the Philippines and Vietnam, Android users in the U.S. and Europe also experienced difficulties stemming from infected apps.

How it Works

This malicious ad library reaches consumers through free apps which rely on advertising to generate revenue. The malware is preinstalled on these seeming innocuous applications to gain access to users’ phones and personal data. Once inside the phone, Xavier is able to download and execute codes from a remote server while relying on layered encryption tools, emulator detection, and a self-protecting mechanism to cover these tracks. Once it is able to download the code from the remote server, Xavier is then able to access and transmit sensitive data from the smartphone back to the same server.

What it Can Take

Thanks to these sophisticated encryption and protection methods, Xavier is able to access smartphone users’ personal data virtually undetected. While these protection measures are at work, the trojan is able to access, encrypt and transmit users’ email addresses, installed apps, OS version, the device’s ID and device manufacturer. Beyond posing a threat to the security of Android users’ personal data, Xavier also enables hackers to run malicious code on the compromised device and allows them to install APK files on the phone’s hardware.

How to Protect Yourself

To protect Androids and the personal information stored on them from Xavier, users should take extra care when downloading new apps. Security experts suggest sticking to trusted application and thoroughly reading app reviews and permissions before downloading unknown apps. You should only grant permissions that are necessary to the application’s function and consider implementing the Full Virus Scan feature and leaving it on at all times on your Android device. With Full Virus Scan, you can also do scheduled scans so you know your device is constantly being monitored.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.