Over 800 different Android apps downloaded millions of times from the Google Play store, which was infected with a malicious ad library (Xavier Malware) that silently collects sensitive user data and can perform dangerous operations.
Trend Micro security researchers recently found a Trojan robot called Ad Xavier (identified by ANDROIDOS_XAVIER.AXM), the malware takes and filters information from the victim in silence.
More than 800 different Android applications that have been downloaded by millions of users have been damaged by storing a malicious ad library that silently collects sensitive user data and can perform critical actions. These applications range from utility applications such as image manipulators for wallpaper, anti-virus, volume booster, speed amplifier, video converter, call recorder and change ringtone.
Trend Micro researchers said:
“Xavier’s aviation and aviation capability are difficult to detect because of its self-protection mechanism that allows it to escape analysis and dynamism.” In addition, Xavier malware also has the ability to load and perform other malicious code, which can be more dangerous aspects of malware. Load code and URL symbols that are configured by the remote server. ”
Recommendations:
The simplest way to avoid malicious malware such as Xavier malware is not to install applications from unknown sources, even if they come from legitimate agency stores like Google Play.
Also reading comments from other users who downloaded the application will be helpful. Users can have excellent reference information, especially if they can indicate whether a particular application shows suspicious behavior. Updating and updating mobile devices will help users have better safety.
Xavier Malware features malware stealing information
The previous version of the Xavier Adware ad library was simple with the ability to install the other APK silently on the target devices, but in the latest version, the malware author has replaced these features with more sophisticated applications, including:
- Evade detection: Xavier malware is smart enough to escape analysis, from analyzing malware and dynamism by checking if executed in a controlled environment (emulator) and using data encryption and communication.
- After code execution: Malware is designed to load icons from the command and control server (C & C) remote control, allowing hackers to execute any malicious code remotely on the target device.
- Xavier’s information-theft module is configured to fly devices and user information, including the user’s email address, device ID, model, OS version, countries, manufacturer, SIM card player, resolution, and installed applications.
How to protect yourself
The easiest way to prevent yourself from being targeted by clever malware such as Xavier malware, always beware of suspicious applications, even if you downloaded them from the official Play Store and try to stick to reliable brands only.
Also, always look at the comments below by other users who have left the application download and check application permissions before installing the application and granting relevant licenses for the purpose of the application.
Last but not least, it is highly recommended to always keep a good antivirus application on your machine that can detect and prevent such malware before infecting your device and keeping your device updated and updated.