
Beware! Over 800 Android Apps on Google Play Store Contain 'Xavier' Malware


Over 800 different Android apps, downloaded millions of times from the Google Play Store, have been found to contain a malicious ad library that silently collects sensitive user data and can perform dangerous operations.
Dubbed "Xavier," the malicious ad library, which first emerged in September 2016, is a member of the AdDown malware family and potentially poses a severe threat to millions of Android users.

Since 90 percent of Android apps are free to download, advertising is a key revenue source for their developers. To earn it, they integrate an Android ad SDK library into their apps, which usually doesn't affect an app's core functionality.
According to security researchers at Trend Micro, the malicious ad library comes bundled with a wide range of Android applications, including photo editors, wallpaper and ringtone changers, phone trackers, volume boosters, RAM optimizers, and music and video players.

Features of Xavier Info-Stealing Malware

The previous variant of the Xavier ad library was simple adware that could silently install other APKs on targeted devices, but in the latest release the malware author has replaced those features with more sophisticated ones, including:

  • Evade Detection: Xavier can escape both static and dynamic malware analysis by checking whether it is running in a controlled environment (an emulator) and by encrypting its data and communications.
  • Remote Code Execution: The malware is designed to download code from a remote Command & Control (C&C) server, allowing attackers to remotely execute arbitrary malicious code on the targeted device.
  • Info-Stealing Module: Xavier is configured to steal device and user information, including the user's email address, device ID, model, OS version, country, manufacturer, SIM card operator, screen resolution, and installed apps.

According to the researchers, the highest number of infected users are in Southeast Asian countries such as Vietnam, the Philippines, and Indonesia, with fewer downloads coming from the United States and Europe.

Here is a list of 75 infected Android apps that Google has already removed from its Play Store; if you have installed any of these apps on your device, you are advised to remove it immediately.
Android malware continues to evolve with more sophisticated, never-before-seen capabilities every day. Just last week, we saw the first Android malware with code-injecting capabilities making the rounds on the Google Play Store.

How to Protect Yourself

The easiest way to avoid being targeted by clever malware like Xavier is to be wary of suspicious applications, even when downloading them from the official Play Store, and to stick to trusted developers.
Moreover, always read the reviews left by other users who have downloaded the app, check the requested permissions before installing, and grant only those permissions that are relevant to the app's purpose.
Last but not least, you are strongly advised to keep a good antivirus application on your device that can detect and block such malware before it infects your device, and to keep your device and apps up to date.
