Info-stealing malware Xavier has infected hundreds of free apps on Google Play Store
Android users beware! Over 800 Android apps Google Play Store are found to be infected with information-collecting malware dubbed Xavier. According to Trend Micro security experts, the malware has been pre-installed on a wide range of free Android applications, such as photo editors and wallpapers, and has been downloaded millions of times so far.
The Xavier malware is in fact an ad library – an element, integrated in free apps to enable advertising as a revenue source for their developers, and often referred to as adware. But being a relatively harmless and simple piece of adware when emerged two years ago, Xavier has recently evolved to a more dangerous and sophisticated kind of malicious software. Trend Micro’s security experts say it is now capable of evading detection, remote code execution, and stealing information. In other words, the malware is smart enough to escape from being analysed by security programs, it has been designed to download remotely executable codes from a server, and it is configured to silently collect sensitive user data including email address, device id, model, OS version, country, manufacturer, SIM card operator, resolution, and installed apps.
An example of an application on Google Play that contains an embedded Xavier ad library
The highest number of reportedly infected users are from countries in South-east Asia such like Vietnam, Philippines, and Indonesia, with a smaller number of downloads from the US and Europe. The trend we see is more alarming since it is not the first time when Google Play Store is reported to host numerous malware infected apps. It actually happened twice just in the last few months: in March, when more than 100 Play Store apps tried to infect Android devices with Windows malware, and in May, when over 36 million Android devices where affected by the Judy malware.