Hundreds of Apps on Google Play Store affected by “Xavier” Malware

Trend Micro security researchers recently found a Trojan Android ad library called Xavier (identified as ANDROIDOS_XAVIER.AXM). The malware quietly steals and leaks the victim’s information.

Over 800 Android apps that have been downloaded by millions of users from the Google Play Store were found to be affected by a malicious ad library that quietly collects sensitive user data and can perform critical actions. These apps range from utility apps such as photo manipulators to wallpaper, anti-virus, volume booster, speed booster, video converter, call recorder, and ringtone changer apps.

Trend Micro researchers said:
“Xavier’s stealing and leaking capabilities are difficult to detect because of a self-protect mechanism that allows it to escape both static and dynamic analysis. In addition, Xavier also has the capability to download and execute other malicious codes, which might be an even more dangerous aspect of the malware. Xavier’s behavior depends on the downloaded codes and the URL of codes, which are configured by the remote server.”

Recommendations:
The simplest way to avoid clever malware like “Xavier” is not to install apps from unknown sources, even if they come from legitimate app stores like Google Play.

Reading reviews from other users who have downloaded the app is also useful. Other users can be an excellent source of insight, especially if they can indicate whether a specific app shows suspicious behaviour. Keeping mobile devices updated and patched also helps users stay more secure.
