Moneycontrol News

Date: 2017-06-23

An Android Trojan called Xavier is spreading across Android devices. According to data from Trend Micro Inc., more than 800 applications embedded with Xavier have been downloaded millions of times from the Google Play Store.

The Trojan steals and leaks the Android user’s information.

These applications range from utility apps such as photo manipulators to wallpaper and ringtone changers.

The following are the features of the Xavier malware:

Xavier comes with embedded malicious behavior that downloads code from a remote server, then loads and executes it.

It protects itself from detection through methods such as string encryption, Internet data encryption, and emulator detection.

Xavier’s stealing and leaking capabilities are difficult to detect because of a self-protection mechanism that allows it to escape both static and dynamic analysis.

Its behavior depends on the downloaded code and the URL codes, which are configured by the remote server.

“Updating and patching mobile devices will help keep malware that targets vulnerabilities at bay. In addition, users and enterprises can also look into multi-layered mobile security solutions,” said Nilesh Jain, Manager of Trend Micro India.

He added, “The easiest way to avoid a malware like Xavier is not to download and install applications from an unknown source, even if they are from legitimate app stores like Google Play.”

It is suggested that users read reviews from other users who have downloaded the applications.

A majority of the downloads were from countries like Vietnam, the Philippines, and Indonesia. Some of the downloads were from the United States and Europe too.

Evolution of Xavier

Xavier is a member of the AdDown family, which has existed for over two years. The first version, called 'joymobile', was seen in early 2015. It is capable of remote code execution.

Other than collecting and leaking user information, it is also capable of installing other APKs on the device.

The second variant was known as 'nativemob', and it was updated in January 2016.

Xavier emerged in September 2016 with more streamlined code. The first version of Xavier removed APK installation and root checking and added data encryption.

How to avoid malware like Xavier?

Do not download and install applications from an unknown source, and be careful even if they are from legitimate app stores like Google Play.

Read the reviews from other users who have downloaded the application. Reviews can be a great source of insight if they point out that a specific application exhibits suspicious behavior.

Updating and patching mobile devices will also help keep malware that targets vulnerabilities at bay.