Skip to main content

Newly discovered Android malware Xavier clandestinely steals your data

nfc smart unlock
Image used with permission by copyright holder
A new variant of Android malware is making rounds in the Google Play store and it is bad news all around. According to Trend Micro, a Trojan dubbed Xavier, which is embedded in more than 800 applications on Android’s app store, clandestinely steals and leaks personal data.

Mobile malware is not new to the Android platform, but Xavier is a little more clever. It downloads codes from a remote server, executes them, and uses a string encryption, Internet data encryption, emulator detection, and a self-protect mechanism to cover its tracks.

It is derived from AdDown, a family of malware that has been around for two years. But unlike most offshoots, Xavier features the troubling addition of encryption and a secure connection. Once it loads a file and obtains an initial configuration from a remote server, it detects, encrypts, and transmits information about the victim’s device — including the manufacturer, language, country of origin, installed apps, email addresses, and more — to a remote server.

According to Trend Micro, Xavier makes its remote capabilities tough to pin down by detecting whether it is running on an Android emulator, a type of software that mimics a device’s hardware components. It checks the device’s name, manufacturer, device brand, operating system version, hardware ID, SIM card operator, resolution, and does not run if it encounters an unexpected field.

Trend Micro’s analysis identified Xavier in apps from southeastern nations such as Vietnam, the Philippines, Indonesia, Thailand, Taiwan, and others, many of which appear to be innocuous on the surface. They range from utilities like photo editors to wallpaper and ringtone changers, and are typically free.

Trend Micro’s report follows the discovery of two other forms of Android malware earlier this year. In May, researchers at Check Point identified Judy, an auto-clicking adware which could have infected as many as 36.5 million Android devices. In March, Palo Alto Networks uncovered malware designed for Windows PCs in 132 apps on Google’s Play Store.

Google’s taking a proactive approach to the problem. The search giant has targeted security on Android over the past year, most recently with the introduction of the Google Play Protect platform. It says it has worked with 351 wireless carriers to shorten the time it takes to test security patches before deploying them to users — an effort that resulted in a reduction of the software approval process from six to nine weeks to just a week.

Google’s also doled out $1 million to independent security researchers and pursued an aggressive strategy of encryption. As of December, 80 percent of Android 7.x (Nougat) users secure their data with passwords, patterns, or PIN codes.

Adrian Ludwig, director of Android security at Google, pointed to social engineering — attacks that fool a user into installing an app that compromises his or her device’s security — as one of the biggest challenges facing app developers today. “People don’t want to think about security,” he told members of the press at the RSA conference in February. “They just want it to be that way.”

Editors' Recommendations

Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
App subscription fatigue is quickly ruining my smartphone
App Store displayed on an iPhone 14 Pro against a pink background

When I first got an iPhone in 2008, I remember checking out web apps, which were basically websites that I would keep bookmarked on the home screen. Every time I opened them up, they somehow didn’t look like I just launched mobile Safari. Eventually, Apple launched the App Store in July 2008, mostly eliminating the need for antiquated web apps.

Since the App Store opened up, we've gotten to see innovative new apps and games that took our iPhones to a completely new level — showing us what our devices were capable of. I was excited to see and hear about new apps for a variety of things, from task managers to camera replacement apps to photo editors to journals and so much more. Games were also making use of the iPhone’s accelerometer and gyroscope sensors, so it wasn’t just always about touchscreen controls.

Read more
App developers get relief from Google tax in one of Android’s biggest markets
Tinder on the GooglePlay App Store.

Just over a week ago, Google was fined approximately $113 million in India for forcing its in-house billing system on developers making Android apps. While the fine was hefty in and of itself, the laundry list orders issued by the Competition Commission of India were the real concern for Google.

The company has now complied with the most controversial directive by removing the mandatory Google Play billing policy for in-app purchases made in India. In an official update, the company notes that it is “pausing enforcement of the requirement for developers to use Google Play's billing system for the purchase of digital goods and services for transactions.”
Why does it matter?

Read more
Google’s Android monopoly finds its biggest challenge, and Apple might be next
Apps screen on the Google Pixel 7.

The Competition Commission of India slapped Google with two hefty fines over anti-competitive strategies that have allowed it to dominate the mobile ecosystem in India. Totaling over $250 million, the penalties reprimand Google for forcing smartphone makers to avoid Android forks, prefer Google’s web search service, and pre-install popular cash cows like YouTube on phones.

Google was also disciplined for forcing its own billing system on developers that allowed the giant to take up to a 30% share of all in-app purchases for applications listed on the app store. Google is not really a stranger to titanic penalties; The EU handed Google a record-breaking fine of approximately $5 billion in 2018 for abusing its dominant market position — a penalty that was upheld in September this year following Google’s appeal.

Read more