Posted on June 27, 2017 at 11:56 AM
The malicious Xavier strain that has made Google Play Store its home was bundled into multiple apps. Researchers have confirmed that, through this distribution method, the malware has already been downloaded millions of times. It is especially dangerous because it is designed to bypass multiple methods of detection.
Upon infecting the device, the malware tries to steal sensitive data and send it to the attacker who planted it in the Play Store. This sensitive data may include user logins, email addresses, and similar information. All of this is done quietly as a background process, so the user would not even know about it.
The Xavier malware can do even more than that. For example, it can download and install other malicious apps. This is also done without detection, which poses a problem for every Android user.
It was discovered by Trend Micro’s researchers, and according to them, over 800 apps within Google Play Store are infected with this malware. They are mostly apps related to photo manipulation or wallpaper changers.
The malware was found to have multiple new features that distinguish it from earlier versions of its ad library. These include embedded malicious behavior, chiefly the ability to download code and then load and execute it. The malware also goes to considerable lengths to prevent security systems from detecting it, using string encryption, emulator detection, encryption of its Internet traffic, and similar methods.
It also has a built-in self-protection mechanism that makes it difficult to detect via static or dynamic analysis; this protection also covers Xavier’s data-stealing and leaking routines.
This is not the first major malware to hit Google Play Store lately; in fact, it is only the latest in a series of them. Just last month, it was discovered that the Judy malware had infected over 36.5 million devices.
That malware was built to generate fake clicks on ads so that its operator could earn money. Around 41 apps were infected with it, and they were downloaded around 18.5 million times. The name ‘Judy’ comes from a character that appeared in multiple of the apps and was called ‘Judy the chef’.
As for Trend Micro, the security company’s advice to Android users is not to download apps from unfamiliar sources. This is the safest way to avoid malware like Xavier; the fact that an app is on Google Play Store does not confirm that it is safe.
Beyond that, all you can do is read the reviews and ratings of an app you are interested in. If users detect suspicious behavior, they usually report it, which helps other users. Regular updates and patches to your phone’s system are also highly recommended. For now, most victims of this malware are in Southeast Asia, while the downloads connected to Europe and the US are fewer in number.