Newly discovered Android malware Xavier clandestinely steals your data

nfc smart unlock
A new variant of Android malware is making rounds in the Google Play store and it is bad news all around. According to Trend Micro, a Trojan dubbed Xavier, which is embedded in more than 800 applications on Android’s app store, clandestinely steals and leaks personal data.

Mobile malware is not new to the Android platform, but Xavier is a little more clever. It downloads codes from a remote server, executes them, and uses a string encryption, Internet data encryption, emulator detection, and a self-protect mechanism to cover its tracks.

It is derived from AdDown, a family of malware that has been around for two years. But unlike most offshoots, Xavier features the troubling addition of encryption and a secure connection. Once it loads a file and obtains an initial configuration from a remote server, it detects, encrypts, and transmits information about the victim’s device — including the manufacturer, language, country of origin, installed apps, email addresses, and more — to a remote server.

According to Trend Micro, Xavier makes its remote capabilities tough to pin down by detecting whether it is running on an Android emulator, a type of software that mimics a device’s hardware components. It checks the device’s name, manufacturer, device brand, operating system version, hardware ID, SIM card operator, resolution, and does not run if it encounters an unexpected field.

Trend Micro’s analysis identified Xavier in apps from southeastern nations such as Vietnam, the Philippines, Indonesia, Thailand, Taiwan, and others, many of which appear to be innocuous on the surface. They range from utilities like photo editors to wallpaper and ringtone changers, and are typically free.

Trend Micro’s report follows the discovery of two other forms of Android malware earlier this year. In May, researchers at Check Point identified Judy, an auto-clicking adware which could have infected as many as 36.5 million Android devices. In March, Palo Alto Networks uncovered malware designed for Windows PCs in 132 apps on Google’s Play Store.

Google’s taking a proactive approach to the problem. The search giant has targeted security on Android over the past year, most recently with the introduction of the Google Play Protect platform. It says it has worked with 351 wireless carriers to shorten the time it takes to test security patches before deploying them to users — an effort that resulted in a reduction of the software approval process from six to nine weeks to just a week.

Google’s also doled out $1 million to independent security researchers and pursued an aggressive strategy of encryption. As of December, 80 percent of Android 7.x (Nougat) users secure their data with passwords, patterns, or PIN codes.

Adrian Ludwig, director of Android security at Google, pointed to social engineering — attacks that fool a user into installing an app that compromises his or her device’s security — as one of the biggest challenges facing app developers today. “People don’t want to think about security,” he told members of the press at the RSA conference in February. “They just want it to be that way.”

Mobile

BlackBerry Messenger to shut down in May, be replaced by enterprise version

BlackBerry Messenger for consumers will shut down at the end of May, nearly six years after it was launched. The app is going back to its roots, in a way, as it is being replaced by the much simpler BlackBerry Messenger Enterprise.
Mobile

Samsung begins retrieving all the Galaxy Fold review units

The Samsung Galaxy Fold has arrived, and it goes on sale soon. Folding out from a 4.6-inch display to a tablet-sized 7.3-inch display, this unique device has six cameras, two batteries, and special software to help you use multiple apps.
Mobile

These parental control apps will help keep your kids' device habits in check

Looking for extra security and monitoring on mobile devices? Take a look at the best parental control apps for limiting time and keeping watch on your child's phone usage and behavior. We have the top options for Android and iOS here.
Mobile

Sidestep banking fees with the nationwide launch of T-Mobile Money

T-Mobile has launched its Money banking service nationwide in the U.S., and it offers an extremely tempting set of features for everyone, including industry-leading interest rates, a powerful app, and no banking fees.
Mobile

The OnePlus 7 Pro will have four launch events to celebrate its release

The OnePlus 6T may still be new, but we're already looking ahead to the upcoming OnePlus 7. It will use the Snapdragon 855, and may have a new pop-up front camera, too. Here's everything we know about the OnePlus 7.
Smart Home

The Houzz app now lets you virtually tile your floor with augmented reality

Augmented reality is starting to be a real bonus to apps like Houzz's View in My Room 3D tool, which recently added the ability to measure how a tiled floor might look in your living space.
Product Review

Screen snags aside, the Galaxy Fold is an exciting step toward a foldable future

Samsung's Galaxy Fold is the company's first foldable phone, with two screens, six cameras, and a dual-cell battery. The phone may be delayed due to display issues, but that doesn't stop us from asking -- what's it like to use?
Mobile

The best Bluetooth headsets of 2019, from Sennheiser to Jabra

Quality headsets are rare. Here are our picks for the best Bluetooth headsets available, whether you need something modest, cheap, or loaded with features. We highlight the best Bluetooth headsets you can get for different situations.
Mobile

Common Samsung Galaxy S10, S10 Plus, and S10e problems and how to fix them

Samsung's new Galaxy S10 range is gorgeous and extremely powerful. But they're not perfect, and you may discover some issues with your new phone. Here are some of the most common Galaxy S10 problems and how to fix them.
Mobile

Michael Kors updates its Sofie smartwatch, but still uses a processor from 2016

Michael Kors announced an update to the Sofie smartwatch, now offering heart rate monitoring, GPS, and NFC support. There's only one problem — the device still offers the Snapdragon Wear 2100 processor.
Photography

Capture life in every direction with the best 360 cameras

While 360 cameras are still a new technology, that doesn't mean there's not a few that are worth a look. Whether you want to shoot from the middle or just need a simple, affordable option, here are the best 360 cameras on the market.
Home Theater

The best MP3 players of 2019 cram tons of music into a small package

Want to go for a run, but your phone is weighing you down? Don't sweat it. Can't fit your whole music library on your smartphone? No worries. Check out our list of the best MP3 players, and find one that works for you.
Apple

WWDC 2019 Complete Coverage

Apple’s Worldwide Developer Conference is a key tech event each year, and for Apple fans, it will be one of the two best times of 2019 (along with "new iPhone day," of course). For the last few years, Apple has debuted much of its…
Mobile

Whether by the pool or the sea, make a splash with the best waterproof phones

Whether you're looking for a phone you can use in the bath, or you just want that extra peace of mind, waterproof phones are here and they're amazing. Check out our selection of the best ones you can buy.