We all like having our details secured and believe in using applications to secure our data. We all rush to google’s playstore or Apple’s App Store to download that one app that will make life easier for us. However, these applications are no longer as safe as we all believe. A new malware is on the rise known as Xavier which is symbolic for the actual name Androidos_Xavier.AXM. This comes weeks and months after another malware invaded Google’s Playstore inform of an adware known as Judy. The Xavier malware is an ad library that sends users data to a remote server quietly without users noticing anything unusual. This malware was detected by the world’s largest provider of security software for corporate servers. The Xavier malware uses nasty methods to enable it remain hidden and in disguise from its users.

Xavier malware is very cunning. It comes embedded in apps that most people use frequently like photo editing and collage apps and photogrid frame collage is one of them, in phone tracker GPS apps, ringtone makers applications and many other applications. This enables it to be downloaded by users as it targets frequently downloaded apps so that it can invade the phone. According to Trend Micro, it has discovered the malware in 800 different applications which have been downloaded from Google’s Playstore.

Xavier is also capable of installing other APKs especially on rooted devices. Be cautious of any new application that has self-installed itself within your android phone the next time you find it. It maybe one of Xavier’s invasion techniques on the phone.

Xavier does not use malicious code within the apps to make sure it remains hidden without any traces. It does this to ensure that during its submission to Google’s Playstore for approval it remains unnoticeable. This leaves us with a hard nut to crack on how to protect ourselves against this malware if it is not being detected by Google’s Playstore approval services. Once a user downloads any app that possibly has the malware, it then downloads malicious codes from a remote server which it uses to execute its processes in the phone’s background.

I would call the malware a smart malware. It performs checks on the users phones to ensure it is installed within the phone system itself and not on an emulator. The malware shuts down once it recognizes it is running on an emulated device. It goes further to hide its presence by using internet data encryption to mask its communications along with string encryption.

We should all be way of the Xavier malware. Once it self-installs itself within any device via a downloaded app, it then transmits information about the phone such as the product name, the device brand, manufacturer,hardware name or even the fingerprints on the phone (Therefore any passwords and patterns users use for their phone’s content security purpose is transmitted to the remote servers). This does not look very serious at first but once it starts getting into your email address, it transmits email addresses to remote servers including the information contained within the email address. This where we all begin getting terrified and alarmed as most of our crucial information is stored within our emails.

Trend Micro were not able to have a full list of all affected apps but provided a few from the List of Affected Apps . Unfortunately, the Xavier malware is affecting android phones. Therefore, the next time before we think of rushing and scrolling over to the playstore, let’s be cautious of the apps we download by reading reviews of an app and also we update and patch our mobile devices to keep the malware at bay.

Source: Trend Micro Security