Before the dust could settle over the discovery of Judy malware-riddled apps on the Google Play store, the Trojan-inspired malicious code Xavier has found its way into the Android ecosystem.
Trend Micro's online safety monitoring arm, TrendLabs Security Intelligence, has found a deadly piece of malware dubbed 'Xavier' in more than 800 applications. It is coyly embedded as an ad library's SDK (Software Development Kit) in apps that have been downloaded thousands of times from Google Play. Affected applications range from utility apps such as photo manipulators to wallpaper and ringtone changers.
As per the report, Vietnam is the most affected region, followed by the Philippines and Indonesia, with fewer downloads from the United States and Europe.
Should you be worried about Xavier malware?
Yes. Xavier malware is said to be more dangerous than the recently discovered Judy. The latter used infected devices to generate large numbers of fraudulent clicks on advertisements, earning revenue for its operators. It had the potential to download malicious code without the user's consent and execute it remotely, but before it could do any harm, Google removed all the affected apps from the Play Store.
However, Xavier is more dangerous. First, it downloads code from a remote server, then loads and executes it. It also goes to great lengths to avoid detection, using methods such as string encryption, Internet data encryption, and emulator detection.
The TrendLabs Security Intelligence report also added that Xavier's stealing and leaking capabilities are difficult to detect because of a self-protection mechanism that allows it to escape both static and dynamic analysis.
Further, Xavier also has the capability to download and execute other malicious code, which might be an even more dangerous aspect of the malware. However, Xavier's behaviour depends on the downloaded code and the URL it is fetched from, both of which are configured by the remote server.
Judy malware was found in only 40 apps, but it affected more than 36.5 million devices. Xavier, on the other hand, has been found in more than 800 apps, and one can only imagine how widespread the infection will be.
How to protect your Android phones from malware
- Always keep your Android devices updated with the latest firmware
- Make sure you use premium anti-virus software, which also provides malware protection and internet security
- Never open emails sent from unknown senders
- Never install plugins (for browsers) or application software on your Android phones from unfamiliar publishers
- Make a habit of visiting the home pages of app developers listed in the app store, and read reviews of the app before installing it. Also check whether the app developers have created any other apps, and research online whether the company has previously been accused of any wrongdoing.