Google’s Play Store hosts millions of apps, and almost 90 percent of them are free to download. Android’s massive user base has caught the attention of hackers and cyber criminals, who have managed to bypass Google’s security on the Play Store and upload apps infected with malware. Security firm Trend Micro has discovered malware called ‘Xavier’ that has infected more than 800 Android apps on the Google Play Store.
“Xavier’s stealing and leaking capabilities are difficult to detect because of a self-protect mechanism that allows it to escape both static and dynamic analysis. In addition, Xavier also has the capability to download and execute other malicious codes, which might be an even more dangerous aspect of the malware. Xavier’s behaviour depends on the downloaded codes and the URL of codes, which are configured by the remote server,” Trend Micro wrote in its report.
Is Xavier a new malware?
Xavier is not new malware; it is a member of the AdDown family, which was discovered two years ago. The research report says that the first version, called ‘joymobile’, appeared in early 2015 and was capable of ‘remote code execution.’ While the ‘previous variant’ of the Xavier ad library was simple adware that silently installed other APKs on targeted devices, the new version comes with additional capabilities such as evading detection, stealing information and remote code execution. The malware can evade both static and dynamic malware analysis, can download code from a remote command-and-control (C&C) server, and can steal user information, including the user’s email address, device ID, model, OS version, country, manufacturer, SIM card operator, resolution, and installed apps.
List of apps infected by malicious Xavier ad library
Trend Micro has listed around 75 Android apps that are infected by this malware. Some of these apps include ‘photogrid.frame.photocollage’, ‘forecast.weatherlive.weather’, ‘finder.photo.imagessearch’, ‘galaxygame.fighterwar’, ‘live3d.wallpaperlite’ and ‘camspecial.clonecamera’. You can check the entire list of infected Android apps here. Thankfully, Google has removed these infected apps from the Play Store. But if you happen to have installed any of these apps, you should remove them immediately.
What should Android users do to save their devices from this malware?
Apps infected with malware have been a severe problem for users and even for app developers. While Google works to remove these infected apps, users should also be careful when downloading apps to their smartphones. Researchers have always urged users, primarily Android users, to check an app’s reviews before downloading it and to check the permissions an app requests. Users should install verified security software (mostly from the Play Store) to keep their devices from being infected by such malware and to protect themselves from potential threats.