It’s happening again, and this time it looks like more Android users are exposed to being hacked through apps that were published in the Google Play Store.

Security company Trend Micro warns that it discovered more than 800 apps published in the Google Play Store that are infected by Xavier, a form of malware that was originally discovered nearly two years ago, but which has since evolved to get more worrying capabilities.

Xavier comes pre-installed in very popular types of free apps, such as photo editors and wallpapers, and the security firm says that these apps have already recorded millions of downloads.

This means there’s a good chance that millions of devices have already been infected with the malware, with users not having a single clue about it since Xavier has evolved to the point when it’s capable of hiding from security software like antivirus products.

For example, while the original version of the malware that was spotted two years ago was mostly developed to push ads and help increase revenue for the authors, the new version can communicate with a remote server and download additional payloads that can be deployed on the affected device.

Stealing user data

Furthermore, Xavier can now steal pretty much any data from an infected device and collect information such as email addresses, app files, SIM card information, and even messages.

Even though Asian users were mostly the target of this reinvented version of Xavier, with the biggest number of infections spotted in Vietnam and Indonesia, the security firm says that it also detected downloads of infected apps in the United States and Europe, though in this case the number of substantially smaller.

Security applications for Android are already being updated to detect and block Xavier, but as usual, users are recommended not to download apps if they don’t seem to come from a legitimate source, even if they are published in the Google Play store. Google will most likely remove these compromised apps as soon as possible, but other malware can reach the store at any given moment.