Newly discovered Android malware Xavier clandestinely steals your data

nfc smart unlock
A new variant of Android malware is making rounds in the Google Play store and it is bad news all around. According to Trend Micro, a Trojan dubbed Xavier, which is embedded in more than 800 applications on Android’s app store, clandestinely steals and leaks personal data.

Mobile malware is not new to the Android platform, but Xavier is a little more clever. It downloads codes from a remote server, executes them, and uses a string encryption, Internet data encryption, emulator detection, and a self-protect mechanism to cover its tracks.

It is derived from AdDown, a family of malware that has been around for two years. But unlike most offshoots, Xavier features the troubling addition of encryption and a secure connection. Once it loads a file and obtains an initial configuration from a remote server, it detects, encrypts, and transmits information about the victim’s device — including the manufacturer, language, country of origin, installed apps, email addresses, and more — to a remote server.

According to Trend Micro, Xavier makes its remote capabilities tough to pin down by detecting whether it is running on an Android emulator, a type of software that mimics a device’s hardware components. It checks the device’s name, manufacturer, device brand, operating system version, hardware ID, SIM card operator, resolution, and does not run if it encounters an unexpected field.

Trend Micro’s analysis identified Xavier in apps from southeastern nations such as Vietnam, the Philippines, Indonesia, Thailand, Taiwan, and others, many of which appear to be innocuous on the surface. They range from utilities like photo editors to wallpaper and ringtone changers, and are typically free.

Trend Micro’s report follows the discovery of two other forms of Android malware earlier this year. In May, researchers at Check Point identified Judy, an auto-clicking adware which could have infected as many as 36.5 million Android devices. In March, Palo Alto Networks uncovered malware designed for Windows PCs in 132 apps on Google’s Play Store.

Google’s taking a proactive approach to the problem. The search giant has targeted security on Android over the past year, most recently with the introduction of the Google Play Protect platform. It says it has worked with 351 wireless carriers to shorten the time it takes to test security patches before deploying them to users — an effort that resulted in a reduction of the software approval process from six to nine weeks to just a week.

Google’s also doled out $1 million to independent security researchers and pursued an aggressive strategy of encryption. As of December, 80 percent of Android 7.x (Nougat) users secure their data with passwords, patterns, or PIN codes.

Adrian Ludwig, director of Android security at Google, pointed to social engineering — attacks that fool a user into installing an app that compromises his or her device’s security — as one of the biggest challenges facing app developers today. “People don’t want to think about security,” he told members of the press at the RSA conference in February. “They just want it to be that way.”

Health & Fitness

Nike’s Android app is bricking its $350 Adapt BB self-lacing shoes

A firmware update for Nike's new self-lacing Adapt BB shoe appears to be bricking the $350 footwear for some owners. Android users have said the Nike app no longer pairs with the shoe, rendering the tightening mechanism useless.
Movies & TV

ESPN Plus is a great sports companion. Here's everything you need to know

ESPN's streaming service, ESPN Plus, arrived in 2018. Despite appearances, ESPN Plus isn't a replacement for your ESPN cable channels, and it differs from other streaming apps in a few key ways. We answer all your questions in this guide.
Home Theater

Make the most out of your new Apple TV with these must-have apps

If you're looking to turn your fourth-generation Apple TV or Apple TV 4K into an all-in-one entertainment powerhouse, we can help you get started with this list of the best Apple TV apps you can download.

How to perform a reverse image search in Android or iOS

You can quickly use Google to search, and reverse search, images on a PC or laptop, but did you know it's almost as easy to do in Android and iOS? We explain how to do it here, whether you want to use Chrome or a third-party app.

Samsung Galaxy S10 vs. Google Pixel 3: Can Samsung beat the stock Android king?

The Samsung Galaxy S10 is here, offering modern specs, a beautifully high-resolution display, and an edge-to-edge design with a small cutout in the display for the front-facing camera. But can the phone take out the Google Pixel 3?

Protect your iPhone or iPad with the IPVanish VPN, on sale through February

One of our favorite virtual private networks for iPhones and iPads, IPVanish, is now offering a huge discount on its two-year subscription as part of its 7th-birthday promotion. Read on to find out more about how this VPN works and how you…

Samsung’s wide range of Galaxy products means there’s something for everyone

Samsung launched a host of new products on February 20, with prices ranging from just $35, all the way up to nearly $2,000. This was not by chance, and the company believes it has something for everyone in 2019.

Verizon is launching real standards-based 5G in 30 cities in 2019

Verizon is in the midst of a massive 5G rollout. In addition to fixed 5G service, it will also begin deploying mobile 5G in the coming months. Here's everything you need to know about Verizon's 5G network and when it will be in your town.

Stay fit and save cash with our top 10 affordable Fitbit alternatives

As much as we love Fitbits, they're rather expensive. If all you want is a simple activity tracker, however, then check out these great cheap Fitbit alternatives. With offerings from brands like Garmin, you don't need to pay full price.

Samsung Galaxy S10e vs. OnePlus 6T: Can the Flagship Killer survive?

The Samsung Galaxy S10e is the new affordable flagship on the block, but at $750, it's $200 more than the OnePlus 6T. Does the Flagship Killer stand a chance against the new generation of flagship devices? Let's take a closer look.

Make some time for the best smartwatch deals for February 2019

Smartwatches make your life easier by sending alerts right on your wrist. Many also provide fitness-tracking features. So if you're ready to take the plunge into wearables and want to save money, read on for the best smartwatch deals.
Product Review

Samsung’s Galaxy Buds are a brilliant combination of value and comfort

With six hours of battery life, an extremely comfortable fit, sweatproofing, and a very palatable price tag, Samsung’s Galaxy Buds are putting all other true wireless earbuds on notice.

Amazon drops a sweet deal on the Kate Spade Scallop smartwatch for women

Unlike many other smartwatches geared toward women, the Kate Spade Scallop offers a more chic and minimalistic look. With this Amazon sale going on right now, you can get it for $109 off its retail price.

Lyft’s Shared Saver service offers cheaper rides, but you’ll have to walk a little

Lyft has launched a new ride option called Shared Saver that offers cheaper rides if you're willing to walk a little. Shared Saver designates a nearby pick-up point and drops you off a short distance from your final destination.