Info-stealing malware Xavier has infected hundreds of free apps on Google Play Store
by Anton Arsenov / Jun 16, 2017, 9:28 AM
Android users beware! Over 800 Android apps Google Play Store are found to be infected with information-collecting malware dubbed Xavier. According to Trend Micro security experts, the malware has been pre-installed on a wide range of free Android applications, such as photo editors and wallpapers, and has been downloaded millions of times so far.
The Xavier malware is in fact an ad library – an element, integrated in free apps to enable advertising as a revenue source for their developers, and often referred to as adware. But being a relatively harmless and simple piece of adware when emerged two years ago, Xavier has recently evolved to a more dangerous and sophisticated kind of malicious software. Trend Micro’s security experts say it is now capable of evading detection, remote code execution, and stealing information. In other words, the malware is smart enough to escape from being analysed by security programs, it has been designed to download remotely executable codes from a server, and it is configured to silently collect sensitive user data including email address, device id, model, OS version, country, manufacturer, SIM card operator, resolution, and installed apps.
The highest number of reportedly infected users are from countries in South-east Asia such like Vietnam, Philippines, and Indonesia, with a smaller number of downloads from the US and Europe. The trend we see is more alarming since it is not the first time when Google Play Store is reported to host numerous malware infected apps. It actually happened twice just in the last few months: in March, when more than 100 Play Store apps tried to infect Android devices with Windows malware, and in May, when over 36 million Android devices where affected by the Judy malware.
Posts: 1972; Member since: May 19, 2017
Oh but I thought Android was "secure?"
posted on Jun 16, 2017, 10:24 AM 5
Posts: 1976; Member since: May 26, 2011
and this doesn't happen on iOS?
posted on Jun 16, 2017, 10:35 AM 11
Posts: 6138; Member since: Dec 02, 2011
No, malware on iOS don't have access to sensitive data like email and passwords; they had access to general system info: device name, time, uuid (info I have no problem to give for free, if an app asks me nicely).
posted on Jun 17, 2017, 12:10 AM 2
Posts: 2445; Member since: Mar 23, 2012
Android is garbage....lol Sometimes silence is the best answer to all the Android fanboy trolls. Truth (the fact than android is a stolen. poorly executed, unsafe, low quality product bought by Google for money thus no passion in developing that) will prevail no matter what they say.
posted on Jun 16, 2017, 10:58 AM 1
Posts: 403; Member since: Sep 05, 2016
Hey Poo Poo Pooyath , welcome back. Haven't seen you around lately... What a "Truth". Ouch , that hurt so baaaad !! Happy now? Go and continue playing with your Barbie dolls. Bye. Take care Poo Poo.
posted on Jun 16, 2017, 11:16 AM 4
Posts: 270; Member since: May 13, 2016
IOS users have very bad memories. How easily they forgot about XcodeGhost. https://www.macrumors.com/2015
posted on Jun 16, 2017, 10:45 AM 5
Posts: 1972; Member since: May 19, 2017
And here comes the deflecting and excuses.
posted on Jun 16, 2017, 10:52 AM 2
Posts: 6025; Member since: Aug 06, 2013
Hey Remember that time when a text message crashed iPhones, or when clicking on a link would cause the iPhone to repeatedly call 911 over and over again crippling 911 dispatchers, or when Apple had discovered loads and loads of malware in the App Store, or when iPhone users had their nude pictures leaked all over the internet for the world to see because Apple sat on a reported issue with their cloud security for over a half year without doing anything about it? Or when thousands of iPhone users had their accounts locked out and they had to pay money to a hacker to get them unlocked? The difference between Android and iOS, is that if you're responsible on Android, you can have a flawless experience, where if you're responsible on iOS/iPhone, you're still at the mercy of anyone clever enough to exploit any of the many flaws/vulnerabilities with the OS/web services. As people have already stated on here. No platform is perfect, so stop trolling. Just because you changed your profile name doesn't make you any less of an asshat. Grow up.
posted on Jun 17, 2017, 1:21 AM 1
Posts: 335; Member since: Sep 28, 2016
Here comes all the trolls. One platform being more or less secure, doesn't make any of them 100% secure. The problem here is very simple. People are evil. It is up to the store owner to make sure their clients are selling garbage. Google needs to step up and make sure apps they allow, are safe to download. All platforms have this issue. The only difference with lets say Windows is, not all Windows app come directly through or from Microsoft. But companies like Google and Apple, who have their own stores, and have an app verification process; should make sure the app meets the quality that it should. It should be installed and tested to make sure they don't have backdoors and malicious code. I know it is impossible to catch everything. But if 800 apps got in without detection, then that is a control problem. Why do you need an app to change wallpapers. I NEVER download those. If I want wallpapers, I google the type I want and pick and just save the image. I download the wallpapers PA posts and I pick from the pack. As usual, the biggest issue is in Asian countries, not in the US. All platforms have hacks and security issues. But as per usual, here come all the iSheeple with their security BS. All software is hack-able and can be used by people with malicious intent. All this BS like FlashBatmite/Mxy talkign about I though Android is more secure, is just a troll trying to start a debate. Don;t fall far it. All software has its security measures and all of them can be circumvented.
posted on Jun 16, 2017, 10:58 AM 5
Posts: 335; Member since: Sep 28, 2016
@Piyath - Who was Android stolen from? Oh and all software is insecure because none are 100% secure. As I recall IOS has the same issues. Apple does have a better quality control for their apps. bet yet there are plenty of articles where IOS apps have been found to contain malicious code. So I fail to see how any imperfection is somehow perfection because you chose to use something different. No software is or will ever be 100% secure. The main reason is coders are not perfect and the fact there are people who sole purpose is to hack and create issues for hate or money. So your constant attacking of Android when iOS in fact has the same issue, makes you simply a stupid ignorant fool. You are the one who should STFU! You are a hypocrite and you only purpose of being here is to troll. Not once do you ever say anything with logic, thought or even any common sense whatsoever. You Apple fans have always been nothing but a bunch of lifeless pieces of garbage. Get a job you lazy good-for-nothing jag-off!
posted on Jun 16, 2017, 11:09 AM 4
Posts: 2942; Member since: Jul 02, 2014
I stopped reading when I saw Trend Micro. They just supply malwares and only they have the solution for it. They are known for this.
posted on Jun 16, 2017, 8:36 PM 1
Posts: 5868; Member since: May 06, 2016
"They just supply malwares and only they have the solution for it." Yeah, Scottie... In fact, almost all Software security companies do make malwares themselves and distribute them to only latter announce that they've "discovered" a new type of malware... They all do it to build hype around them and drum up business.
posted on Jun 16, 2017, 9:17 PM 0
Send a warning to post author
Send a warning to Selected user.
The user has 0 warnings currently.
Next warning will result in ban!
Ban user and delete all posts
Message to PhoneArena moderator (optional):