• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 28th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News
Android

Xavier Malware Infects Hundreds of Android Apps on Google Play Store

June 13th, 2017 Waqas Security, Android, Malware 0 comments
Xavier Malware Infects Hundreds of Android Apps on Google Play Store
Share on FacebookShare on Twitter

You might have heard researchers urging Android users not to download apps from a third party store since a lot of them contain malware. Now, things have changed as hackers and cyber criminals are bypassing Google’s security implementation on Play Store and uploading apps infected with malware.

The IT security researchers at Trend Mirco have discovered that over 800 Android apps on Google Play store contain a malware called Xavier that is silently stealing personal and financial data of users. The infected apps belong to categories like photo manipulators, utilities, ringtone chargers, anti-virus, volume booster, speed booster, video converter, call recorder, and wallpaper apps downloaded millions of times by users around the world.

[irp posts=”54252″ name=”Malicious Android app installs ‘impossible to remove’ adware”]

The majority of downloads came from countries like Indonesia, Philippines, and Vietnam while some of the downloads attempts were from European countries and the United States. 

Here’s a list of 75 apps that Google has already removed.

According to Trend Micro’s blog post:

“Xavier’s stealing and leaking capabilities are difficult to detect because of a self-protect mechanism that allows it to escape both static and dynamic analysis. In addition, Xavier also has the capability to download and execute other malicious codes, which might be an even more dangerous aspect of the malware. Xavier’s behavior depends on the downloaded codes and the URL of codes, which are configured by the remote server.”

Xavier’s history and infection

Xavier is not a new malware, in fact, it belongs to AdDown family which was discovered two years ago with remote code execution capabilities. Its first version appeared in 2015 and dubbed by researchers as “Joymobile” while Xavier itself was detected in September 2016.

Other than evading detection, Xavier comes with capabilities including collecting, leaking user data and installing other APKs in case the infected device is rooted. Furthermore, it also communicates with the Command & Control (C&C) server without encryption. However, all constant strings were encrypted in the code. Xavier does that all by remaining undetected.

What should Android users do

While Google is removing the infected apps it does not mean the malware will completely vanish from Play Store or that it will not make a come back. Xavier is a nasty piece of malware developed to take control of users’ device and data, therefore users are advised not to download apps unnecessarily.

Android users are also advised to use a verified security software and always scan their devices. Another noteworthy thing about Android is that it is one of the most targeted smartphones operating systems in the world. Just a couple of days ago researchers found WannaCry’s copycat WannaLocker ransomware targeting Android devices in China while Judy malware infected apps which were downloaded 36 million times.

Also, recently researchers discovered Dvmap malware with code injecting capability targeting Android devices. That is why Google is paying hackers and security researchers $200,000 for reporting bugs in Android.

[irp posts=”53172″ name=”Super Free Music Player Android App Comes with Malware Infection”]


DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

  • Tags
  • Android
  • app
  • Google Play
  • hacking
  • internet
  • Malware
  • Privacy
  • Scam
  • security
Facebook Twitter LinkedIn Pinterest
Previous article Stolen UAE InvestBank, Qatar National Bank Data Sold on Dark Web
Next article Indian soldier in hot water after playing porn instead of presentation
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
World's Most 'Resilient Malware' Botnet Emotet Taken Down

World's Most 'Resilient Malware' Botnet Emotet Taken Down

Top Cybersecurity Threats to Watch in 2021

Top Cybersecurity Threats to Watch in 2021

Database of 176 million Pakistani mobile phone users sold online

Database of 176 million Pakistani mobile phone users sold online

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
NetWalker ransomware disrupted - Cryptocurrency and domain seized
Cyber Crime

NetWalker ransomware disrupted - Cryptocurrency and domain seized

38
Transferring Whatsapp data from iPhone to Android with MobileTrans
How To

Transferring Whatsapp data from iPhone to Android with MobileTrans

25
World's Most 'Resilient Malware' Botnet Emotet Taken Down
Cyber Crime

World's Most 'Resilient Malware' Botnet Emotet Taken Down

70

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us