New Android malware Xavier quietly steals your data

Cal Jeffrey

Posts: 2,587   +600
Staff member

Trend Micro has discovered a new Trojan malware that is pretty nasty. The security analysts identified the malware as “ANDROIDOS_XAVIER.AXM” or Xavier for short. It is an ad library that quietly sends user data to a remote server. What makes it so nasty are the methods it uses to cover its tracks and disguise its activities.

First of all, it comes embedded within relatively innocuous apps, like ringtone makers and photo editing apps. Most of these applications appear to be originating from Southeast Asia. Trend Micro has discovered over 800 different apps containing the malware which have been downloaded cumulatively millions of times from Google Play, so it is fairly widespread.

Another thing that makes the malware insidious is the way it is coded into the application. No overtly malicious code is used within the app, so no flags are raised when submitted for approval to the store. However, once installed the malware downloads malicious code from a covert server, which it can then execute. These actions can all happen in the background without the user’s knowledge or consent.

“[It] is [also] capable of installing other APKs, and it can do this silently if the device is rooted,” say the analysts.

Xavier goes to great lengths to hide its presence and actions. It uses string encryption and internet data encryption to mask its communications. It also performs checks on the device to ensure that it is actually installed on a phone and not an emulator.

“Xavier’s stealing and leaking capabilities are difficult to detect because of a self-protect mechanism that allows it to escape both static and dynamic analysis.”

If the malware detects that it is running on emulated hardware, it shuts down.

Once on the device, the malware can transmit various information about the phone and the user. Some of the information that it sends seems harmless at first such as equipment manufacturer, language, and country of origin. However, it is also capable of transmitting email addresses and other information as well.

Trend Micro did not have a full list of affected apps but did provide a list of “applications, which have been removed by Google as of publication,” including hashes.

The analysts suggest avoidance of apps from unknown sources as a primary precautionary measure. Trend Micro also has a Mobile App Reputation Service that you can use to scan apps by name to determine if they are trustworthy. There are also security apps from TM on the Google Play store that can be installed to protect your device from malware.
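For defenders triaging an app with an embedded ad library, the behaviours described in the story (runtime code loading, emulator checks, silent APK installs) can be searched for together in decompiled smali. The sketch below is an added example, not code from Trend Micro or the article; the patterns are generic Android API references assumed for illustration, not Xavier signatures, and the sample classes are hypothetical.

```python
import re
from collections import defaultdict

# Patterns per behaviour named in the article. Assumption: generic Android
# API references picked for this example, not signatures of Xavier itself.
INDICATORS = {
    "runtime_code_loading": [r"Ldalvik/system/(InMemory)?DexClassLoader;"],
    "emulator_check": [r"Landroid/os/Build;->(FINGERPRINT|HARDWARE|PRODUCT|MODEL)",
                       r"ro\.kernel\.qemu", r'"[^"]*goldfish[^"]*"'],
    "silent_install": [r'"[^"]*pm install[^"]*"'],
}

CLASS_RE = re.compile(r"^\.class\s+.*?(L[\w/$]+;)\s*$", re.MULTILINE)

def triage(smali: str) -> dict:
    """Map each smali class to the behaviour categories it references."""
    hits = defaultdict(set)
    # Split the dump at each .class directive so hits are attributed per class.
    starts = [(m.start(), m.group(1)) for m in CLASS_RE.finditer(smali)]
    for i, (pos, name) in enumerate(starts):
        end = starts[i + 1][0] if i + 1 < len(starts) else len(smali)
        body = smali[pos:end]
        for category, patterns in INDICATORS.items():
            if any(re.search(p, body) for p in patterns):
                hits[name].add(category)
    return dict(hits)

def needs_review(hits: dict) -> list:
    """Classes that both probe for an emulator and load code at runtime."""
    wanted = {"runtime_code_loading", "emulator_check"}
    return sorted(c for c, cats in hits.items() if wanted <= cats)

# Constructed sample: two hypothetical classes, not taken from any real app.
SAMPLE = '''
.class public Lcom/example/ads/Loader;
.super Ljava/lang/Object;
    sget-object v0, Landroid/os/Build;->FINGERPRINT:Ljava/lang/String;
    const-string v1, "generic"
    new-instance v2, Ldalvik/system/DexClassLoader;
    const-string v3, "pm install -r /data/local/tmp/u.apk"
.class public Lcom/example/ui/Main;
.super Landroid/app/Activity;
    sget-object v0, Landroid/os/Build;->MODEL:Ljava/lang/String;
'''

if __name__ == "__main__":
    result = triage(SAMPLE)
    for cls in needs_review(result):
        print(cls, sorted(result[cls]))
```

A lone `Build.MODEL` read, as in the second sample class, is common in benign apps, which is why only the combination is queued for review. String encryption, which the story also mentions, would hide literal strings from this kind of scan.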


 

Kenrick

Posts: 631   +401
Another blow to Android security when the malware is available to the Play Store. The authors of the malware should be held accountable.
 

Camikazi

Posts: 982   +339

Skidmarksdeluxe

Posts: 8,645   +3,286
A Blackberry Z30 :)

First android phone liking it so far.

Outstanding battery life and great build quality.
I was just pulling your socks earlier on. If you like it and are happy with it then that's all that counts. Personally speaking I don't see any reason not to buy it but by the same token I don't see any reason to buy it either unless you're a fan of a physical kbd, but that's just my opinion.
 

Lionvibez

Posts: 2,005   +1,334
I was just pulling your socks earlier on. If you like it and are happy with it then that's all that counts. Personally speaking I don't see any reason not to buy it but by the same token I don't see any reason to buy it either unless you're a fan of a physical kbd, but that's just my opinion.
The phone is on my work BES 12 server and I write a lot of emails so the physical kbd was mandatory.
 

TheBigT42

Posts: 458   +363
Android, So secure. lol
Android, so secure. lol
IOS, so secure lol.
Windows, so secure. lol
Show me a totally secure OS and I'll show you a million that don't exist.
Have you ever heard of Unix, or Linux? Totally secure.
No OS is totally secure, it will never exist since no human can see everything. That includes Linux, it is very secure but in no way is it totally secure.
The only totally secure computer is powered off, encased in concrete, and is located on the ocean floor....Totally secure just to usable.
 

MirekFe

Posts: 91   +39
Android, so secure. lol
IOS, so secure lol.
Windows, so secure. lol
Show me a totally secure OS and I'll show you a million that don't exist.
Tails OS.
Although, I do have to warn you that the NSA will consider you to be an extremist (because they don't see you at all).
 

Trillionsin

Posts: 1,878   +462
So it steals your data, and installs a back door.... great. No mention on how to remove it if you happen to be infected? Great...

Android, so secure. lol
IOS, so secure lol.
Windows, so secure. lol
Show me a totally secure OS and I'll show you a million that don't exist.
Tails OS.
Although, I do have to warn you that the NSA will consider you to be an extremist (because they don't see you at all).
What about Kali? Or is that a predecessor to Tails?
 

MirekFe

Posts: 91   +39
So it steals your data, and installs a back door.... great. No mention on how to remove it if you happen to be infected? Great...

Android, so secure. lol
IOS, so secure lol.
Windows, so secure. lol
Show me a totally secure OS and I'll show you a million that don't exist.
Tails OS.
Although, I do have to warn you that the NSA will consider you to be an extremist (because they don't see you at all).
What about Kali? Or is that a predecessor to Tails?
Tails: initial release - 23rd June, 2009 - created for preserving privacy and anonymity.
Kali: initial release - 13th March, 2013 - meant for digital forensics and penetration testing.
 

MirekFe

Posts: 91   +39
Android, So secure. lol
Android, so secure. lol
IOS, so secure lol.
Windows, so secure. lol
Show me a totally secure OS and I'll show you a million that don't exist.
Have you ever heard of Unix, or Linux? Totally secure.
No OS is totally secure, it will never exist since no human can see everything. That includes Linux, it is very secure but in no way is it totally secure.
The only totally secure computer is powered off, encased in concrete, and is located on the ocean floor....Totally secure just to usable.
Not true. I could still recover it. The most secure computer is no computer.