Xavier, a new strain of malware for the Android operating system, was discovered by cybersecurity firm Trend Micro in over 800 apps on the Google Play Store.
Xavier is unlike most Android malware detected so far, though, as it has a few tricks that make it a bit more dangerous.
Xavier Malware Found In Android Apps
According to Trend Micro, Xavier is capable of stealing and leaking the user information stored in an infected Android smartphone. Alarmingly, the malware was discovered in over 800 apps on the Google Play Store, ranging from picture editors to ringtone changers.
Xavier has mostly affected Southeast Asia, with the top three countries in terms of the highest number of download attempts being Vietnam, the Philippines, and Indonesia. There are fewer downloads from the United States and Europe, but that does not necessarily mean that users from these locations are safe from the malware.
The discovery of Xavier follows Judy, which was described as possibly the largest ever Android malware campaign. Judy, which infected as many as 36.5 million devices, enabled an illicit ad-clicking function that allowed the company behind the malware to generate revenue from Google ads.
What Makes Xavier Different?
Judy and Xavier are both malware that infect Android devices, but they have different purposes. The perpetrators of Judy unleashed the malware to earn money from fraudulent ad clicks, while the attackers behind Xavier look to acquire user data from infected smartphones. Xavier is also capable of downloading and running code on infected devices.
The arguably more malicious intent behind Xavier, however, is not what differentiates it from most malware. According to Trend Micro, after Xavier downloads code from a remote server and executes it on an infected Android device, it uses various techniques to make itself nearly undetectable.
Xavier is a new version of AdDown, a group of malware that started two years ago. Xavier, however, has added encryption and a secure connection to its features. Through them, Xavier can transmit information siphoned from a victim's device to a remote server without the affected user's knowledge.
How To Protect Yourself Against Xavier And Other Malware
Xavier is a scary piece of malware, and Trend Micro has listed the Android apps carrying it on the third page of its report. Users who have installed any of them are strongly advised to delete the Xavier-carrying app and, if possible, to also perform a factory reset on their device after backing up data. Just to be safe, users could also change the passwords on the online accounts that they access through their Android device.
To further protect themselves from Xavier and other forms of malware, users are also advised to download apps only from known companies. It is not enough that the app is present in the Google Play Store; users should check the background of the app makers to see if they are legitimate companies in good standing.
Users are also urged to install the latest versions and updates for their Android device as soon as they are made available, as they come with security patches to protect users from vulnerabilities.