Xavier Malware Infects over 800 Android Apps on Google Play Store

Xavier malware For Mobile App Security

Xavier Malware Infects over 800 Android Apps on Google Play Store

By Parthipan Baktavatsalam  Project Manger

Over 800 different Android apps that have been downloaded millions of times from Google Play Store found to be infected with malicious ad library that silently collects sensitive user data and can perform dangerous operations.

According to security researchers at Trend Micro, the malicious ad library comes pre-installed on a wide range of Android applications, including photo editors, wallpapers and ringtone changers, Phone tracking, Volume Booster, Ram Optimizer and music-video player.

How does Xavier Malware work?

The previous variant of Xavier Ad library was a simple adware with an ability to install other APKs silently on the targeted devices, but in this latest release, the malware author has replaced those features with more sophisticated ones, including:

Evade Detection: Xavier is smart enough to escape from being analyzed, from both static and dynamic malware analysis, by checking if it is being running in a controlled environment (Emulator), and using data and communication encryptions.

Remote Code Execution: The malware has been designed to download codes from a remote Command&Control (C&C) server, allowing hackers to remotely execute any malicious code on the targeted device.

Info-Stealing Module: Xavier is configured to steal devices and user related information, which includes user’ email address, Device id, model, OS version, country, manufacturer, sim card operator, resolution, and Installed apps.

According to the researchers, the highest number of infected users are from Southeast countries in Asia such as Vietnam, Philippines, and Indonesia, with fewer number of downloads.

How to defend from this malware

The simplest way to prevent the malware like Xavier is to be aware of application behaviour, even when you download them from the official Play Store App reviews can expose the true nature of the app, as many users would have pointed out the suspicious behaviour.

Timely updates of Operating system and its patches can also help to defend against the malware.

Quixxi Vulnerability Assessment performs detection against malware and it can be used to test the apps before deployment to the play store to confirm that there is no malware is present in the signed build.

Quixxi also offers a Security Wrapper which is a multilayered binary protection engine. It uses military grade cryptography standards and security algorithms to prevent reverse engineering, malware and tampering.

To know more about Quixxi and how to protect your mobile apps and your business, click here