Data-Collecting Malware Discovered in 800+ Google Play Apps


Image via Android Community


According to a report published this week by Trend Micro, over 800 apps currently available as free downloads from the Google Play Store have been found to be infected with information-collecting malware dubbed Xavier, which was initially discovered over two years ago. And though it was thought to be a relatively harmless piece of malware when it first emerged on the scene, Trend Micro security experts cited in the report say Xavier has since evolved into much more sophisticated and dangerous software.

Over the course of its existence, Xavier has been pre-installed into a variety of free Android apps, including photo editors and wallpapers, through which it has indirectly been downloaded millions of times, according to the report. However, Xavier is, in fact, an ‘ad library’, which functions as “an element, integrated in free apps to enable advertising as a revenue source for their developers.”

“While we have covered malicious ad libraries before, [Xavier] comes with some notable features that differentiate it from the earlier ad library,” Trend Micro said, adding, for example, that “It comes with an embedded malicious behavior that downloads codes from a remote server, loads and executes it on an infected device, and goes to great lengths to protect itself from being detected through the use of methods such as String encryption, Internet data encryption, and emulator detection.”

In other words, Trend Micro’s security experts say, the Xavier malware has evolved to the point where it’s not only smart enough to evade being detected by security programs, but it has been specifically designed to autonomously download data-collecting code from servers, while being able to remotely collect a user’s most sensitive data including email addresses, device ID numbers, models, OS versions, SIM card operators, and data from other installed apps.

According to the report, Android users in Southeast Asian countries including Vietnam, the Philippines, and Indonesia are among the most widely affected by the Xavier malware; however “a small number” of downloads have also been detected in the U.S. and Europe.

Of course, Xavier wouldn’t be the first time Google’s Play Store has been host to malware-infected apps; in fact, it’s happened several times in the last few months alone. Back in March, for example, over 100 Google Play Store apps were discovered trying to infect Android devices with Windows malware, according to PhoneArena; and back in May, a form of malware known as Judy was discovered infecting as many as 36.5 million Android devices.

The silver lining in all of this is that Android users can still take preemptive steps to protect their devices, such as by only downloading apps from trusted developers, scanning the app’s reviews for any signs of impropriety, and always ensuring that apps are up-to-date… Or, you could always switch to an iPhone — you know, since they’re not susceptible to malware.
