New Android malware Xavier quietly steals your data

By Cal Jeffrey · 30 replies
Jun 16, 2017
  1. Trend Micro has discovered a new Trojan malware that is pretty nasty. The security analysts identified the malware as “ANDROIDOS_XAVIER.AXM” or Xavier for short. It is an ad library that quietly sends user data to a remote server. What makes it so nasty is the methods it uses to cover its tracks and disguise its activities.

    First of all, it comes embedded within relatively innocuous apps, like ringtone makers and photo editing apps. Most of these applications appear to originate from Southeast Asia. Trend Micro has discovered over 800 different apps containing the malware, which have cumulatively been downloaded millions of times from Google Play, so it is fairly widespread.

    Another thing that makes the malware insidious is the way it is coded into the application. No overtly malicious code is used within the app, so no flags are raised when it is submitted for approval to the store. However, once installed, the malware downloads malicious code from a covert server, which it can then execute. These actions can all happen in the background without the user’s knowledge or consent.

    “[It] is [also] capable of installing other APKs, and it can do this silently if the device is rooted,” say the analysts.

    Xavier goes to great lengths to hide its presence and actions. It uses string encryption and internet data encryption to mask its communications. It also performs checks on the device to ensure that it is actually installed on a phone and not an emulator.

    “Xavier’s stealing and leaking capabilities are difficult to detect because of a self-protect mechanism that allows it to escape both static and dynamic analysis.”

    If the malware detects that it is running on emulated hardware, it shuts down.

    Once on the device, the malware can transmit various information about the phone and the user. Some of the information that it sends seems harmless at first, such as equipment manufacturer, language, and country of origin. However, it is also capable of transmitting email addresses and other personal information.
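    The behaviours described above (dynamic code loading, emulator checks, silent installs on rooted devices, device-info collection) all leave identifiable references in an app's bytecode unless the author hides them. The following static triage script is an added example, not Trend Micro's or TechSpot's code: it opens an APK as a zip, pulls the printable strings out of each classes*.dex and reports which behaviour categories they point to. The indicator list is an illustrative assumption (the class and method names are real Android API identifiers; the emulator property names are the commonly checked ones), the sample APK is constructed in memory, and string search is exactly what string encryption of the kind the article mentions defeats, so a clean result means "no obvious indicators", not "safe".

```python
"""Static triage of an Android APK for behaviours attributed to Xavier.

Added example, not the vendor's detection logic. Assumes the APK is a standard
zip with classes*.dex entries and relies on plain string search, which an app
that encrypts its strings can evade.
"""
import io
import re
import zipfile

# Indicator strings grouped by the behaviour they suggest (illustrative list,
# an assumption of this example rather than Trend Micro's rules).
INDICATORS = {
    "dynamic_code_loading": [
        b"Ldalvik/system/DexClassLoader;",
        b"Ldalvik/system/PathClassLoader;",
        b"Ldalvik/system/InMemoryDexClassLoader;",
    ],
    "emulator_check": [
        b"ro.kernel.qemu",
        b"goldfish",
        b"ro.hardware",
        b"generic_x86",
    ],
    "root_use": [
        b"/system/xbin/su",
        b"/system/bin/su",
        b"Superuser.apk",
    ],
    "silent_install": [
        b"Landroid/content/pm/PackageInstaller;",
        b"pm install",
    ],
    "device_info_collection": [
        b"getDeviceId",
        b"getSimOperatorName",
        b"Landroid/accounts/AccountManager;",
    ],
}

# Runs of six or more printable ASCII bytes, the same idea as the `strings` tool.
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")


def extract_strings(dex: bytes) -> set:
    """Return the set of printable ASCII runs (6+ chars) found in a DEX blob."""
    return set(PRINTABLE.findall(dex))


def triage_dex(dex: bytes) -> dict:
    """Map each indicator category to the indicator strings present in the DEX."""
    strings = extract_strings(dex)
    hits = {}
    for category, needles in INDICATORS.items():
        found = sorted(n.decode() for n in needles if any(n in s for s in strings))
        if found:
            hits[category] = found
    return hits


def triage_apk(apk_bytes: bytes) -> dict:
    """Open an APK (a zip) and triage every classes*.dex it contains."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            if re.fullmatch(r"classes\d*\.dex", name):
                hits = triage_dex(zf.read(name))
                if hits:
                    report[name] = hits
    return report


def build_sample_apk() -> bytes:
    """Constructed sample: a zip holding a fake classes.dex that references a
    dynamic class loader and an emulator property, plus a second, clean dex."""
    suspicious = (
        b"dex\n035\0" + b"\0" * 16
        + b"Ldalvik/system/DexClassLoader;\0ro.kernel.qemu\0"
        + b"https://example.invalid/payload\0"  # placeholder, not a real host
    )
    clean = b"dex\n035\0Lcom/example/ringtone/MainActivity;\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", suspicious)
        zf.writestr("classes2.dex", clean)
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
    return buf.getvalue()


if __name__ == "__main__":
    for dex_name, hits in triage_apk(build_sample_apk()).items():
        for category, found in hits.items():
            print(f"{dex_name}: {category}: {', '.join(found)}")
```

    Run it against a real file with `triage_apk(open("app.apk", "rb").read())`. A hit on `dynamic_code_loading` together with an `emulator_check` hit is the combination worth escalating for dynamic analysis on real hardware, since the article notes the sample shuts down on emulators; an app with almost no printable strings at all is also worth a closer look, because string encryption is itself a sign of something to hide.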

    Trend Micro did not have a full list of affected apps but did provide a list of “applications, which have been removed by Google as of publication,” including hashes.

    The analysts suggest avoiding apps from unknown sources as the primary precaution. Trend Micro also has a Mobile App Reputation Service that you can use to scan apps by name to determine whether they are trustworthy. There are also security apps from Trend Micro on the Google Play store that can be installed to protect your device from malware.

  2. psycros

    psycros TS Evangelist Posts: 1,877   +1,298

    Never download an app that has either no reviews or not very many, esp. if most of them consist of only one or two English words. That's a red alert for malware.
    Reehahs and Cal Jeffrey like this.
  3. Lionvibez

    Lionvibez TS Evangelist Posts: 1,268   +437

    Glad I just upgraded to a Blackberry Keyone which can't be rooted!
  4. wastedkill

    wastedkill TS Evangelist Posts: 1,423   +350

    Android, So secure. lol
  5. Kenrick

    Kenrick TS Evangelist Posts: 571   +373

    Another blow to Android security when the malware is available in the Play Store. The authors of the malware should be held accountable.
  6. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,274

    Android, so secure. lol
    IOS, so secure lol.
    Windows, so secure. lol
    Show me a totally secure OS and I'll show you a million that don't exist.
  7. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,274

    Upgraded??? What were you using up til now, a Nokia 3310?
    Cal Jeffrey likes this.
  8. Stone tablet and a chisel, but spelling mistakes are a *****!
  9. Uncle Al

    Uncle Al TS Evangelist Posts: 3,355   +2,004

    Sounds a bit too much like my kids going through my wallet while I'm taking a nap!
  10. Lionvibez

    Lionvibez TS Evangelist Posts: 1,268   +437

    A Blackberry Z30 :)

    First android phone liking it so far.

    Outstanding battery life and great build quality.
    Skidmarksdeluxe likes this.
  11. Vortex1965

    Vortex1965 TS Rookie

    Have you ever heard of Unix, or Linux? Totally secure.
  12. Camikazi

    Camikazi TS Evangelist Posts: 925   +284

    No OS is totally secure, it will never exist since no human can see everything. That includes Linux, it is very secure but in no way is it totally secure.
  13. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,274

    Heard of 'em, natch, don't know any individual that uses them in a private capacity though. Android is based on Linux anyway.
  14. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,274

    I was just pulling your socks earlier on. If you like it and are happy with it then that's all that counts. Personally speaking I don't see any reason not to buy it but by the same token I don't see any reason to buy it either unless you're a fan of a physical kbd, but that's just my opinion.
  15. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,274

    Now that comment reminds me of Fred Flintstone's newspapers and cheques.
  16. Lionvibez

    Lionvibez TS Evangelist Posts: 1,268   +437

    The phone is on my work BES 12 server and I write a lot of emails so the physical kbd was mandatory.
  17. PaulineGreening

    PaulineGreening TS Rookie Posts: 19

    Are apps downloaded from the Play Store not affected by this? I hope there would be a way to detect them soon, this is scary.
  18. TheBigT42

    TheBigT42 TS Addict Posts: 156   +82

    The only totally secure computer is powered off, encased in concrete, and is located on the ocean floor.... Totally secure, just not usable.
  19. MirekFe

    MirekFe TS Member Posts: 54   +17

    Tails OS.
    Although, I do have to warn you that the NSA will consider you to be an extremist (because they don't see you at all).
  20. Trillionsin

    Trillionsin TS Evangelist Posts: 1,596   +257

    So it steals your data, and installs a back door.... great. No mention on how to remove it if you happen to be infected? Great...

    What about Kali? Or is that a predecessor to Tails?
  21. MirekFe

    MirekFe TS Member Posts: 54   +17

    Tails: initial release - 23rd June, 2009 - created for preserving privacy and anonymity.
    Kali: initial release - 13th March, 2013 - meant for digital forensics and penetration testing.
    Skidmarksdeluxe and Trillionsin like this.
  22. MirekFe

    MirekFe TS Member Posts: 54   +17

    Not true. I could still recover it. The most secure computer is no computer.
  23. MirekFe

    MirekFe TS Member Posts: 54   +17

  24. PeterCC

    PeterCC TS Rookie

    So, the real concern is: which OS is the most protected? And list the likelihood of being hacked for each OS.
  25. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,274

    Yes, that one and all those that haven't been built yet.
    MirekFe likes this.