CATEGORIES
home News

Xavier Android Ad Malware Steals User Data Then Plays Hide And Seek

by Dave AltavillaSaturday, June 24, 2017, 09:58 PM EDT
Android Malware
Here’s the thing about most types of mobile malware in the wild; they’re avoidable. That doesn’t mean, however, if you’re not paying attention--and especially if you’re the type that likes to customize things as the Android platform is so capable of--that you might not stumble into some nasty code deplorables. Such is the case with a new, very sneaky strain of Android ad malware that has been downloaded to literally millions of devices globally, though predominantly in Southeast Asia. AndroidOS_Xavier_AXM, or Xavier for short, as it is more commonly known, is a tricky little payload that has been up on the Google Play store hiding in over 800 applications and downloaded millions of times. Its data mining and device exploitation are disturbing to be sure but its stealthy methods of avoiding detection may be downright alarming.

Trend Micro recently unearthed Xavier, an ad library that was discovered by the company’s Reputation Service. This malware is not only capable of downloading and executing additional malicious code from a remote server, but also is tenacious enough to hide itself from detection via data encryption and even emulator detection. The malware is also capable of downloading and installing other APKs and can do so completely without detection if your smartphone is rooted.

Xavier Malware-Infected App Example
An Example Of A Xavier Malware-Infected App

Regardless, once the malware is on the target device it can transmit both device information and personally-identifiable user information such as email addresses, user login names, etc. The Trend Micro alert offers a list of known apps here that contain the Xavier malware (PDF, starting page 3). If you’ve downloaded one of these apps, we’d suggest removing it ASAP and if possible, after backing up your data, performing a factory reset on your phone.

Apps associated with the malware range from photo editing, to wall paper and ringtone apps. It’s a wide swath of popular Android add-on software, actually. If your phone isn’t rooted or set to allow “apps from unknown sources” in Android, you should be relatively safe from Xavier's targeted 3rd party payload downloads. However, if you like to run things a bit more custom and open, better check what’s on your device, just to be sure. 

Image, courtesy: Flickr user portal gda

Tags:  Android, Malware, Google, Google Play, Trend Micro, (nasdaq:goog), xavier
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment