After Judy, Xavier malware found in over 800 Android apps on Google Play Store

By: Tech Desk | New Delhi | Published: June 17, 2017 12:12 pm

Image: An example of an app on Google Play that contains an embedded Xavier ad library. (Source: TrendLabs Security Intelligence)

After Judy, a new Trojan-based malicious code, Xavier, has been discovered in more than 800 applications on Google Play Store. According to TrendLabs Security Intelligence, which first detected the Trojan ad library, the affected apps have been downloaded millions of times from Google Play. Most of them are utility apps such as photo manipulators and wallpaper and ringtone changers.

Xavier has existed for over two years: its first version, called joymobile, appeared in early 2015, TrendLabs reported. Xavier isn’t easy to detect via either static or dynamic analysis. “In addition, Xavier also has the capability to download and execute other malicious codes, which might be an even more dangerous aspect of the malware,” the report read.

Users in Southeast Asian countries like Vietnam, the Philippines, and Indonesia made the highest number of download attempts, compared with fewer in the US and Europe. About 23.27 per cent of users in Vietnam have downloaded the affected apps, while 19.14 per cent and 8.23 per cent of attempts came from the Philippines and Indonesia respectively. Thailand and Taiwan stand at 6.66 per cent and 5.36 per cent of downloads respectively. Close to 37.34 per cent of download attempts were made by users in other countries.

It is feared that Xavier is more widespread and dangerous than Judy. To recall, Judy was found in over 41 apps on the Google Play Store, and it infected between 8.5 million and 36.5 million users. In comparison, Xavier has been discovered in over 800 apps, which means it is likely to put a lot more users at risk.

While Judy uses devices to create false clicks on ads to generate revenue for the people behind it, Xavier can also download and execute other malicious codes. Xavier encrypts all constant strings and uses several other methods to make detection difficult, so there is no easy way to know whether a user’s device has been affected by Xavier. However, the report points out that Xavier’s behavior depends on the downloaded codes and the URL of the codes, which are configured by the remote server.

TrendLabs Security Intelligence also put out a list of ways to keep devices safe from malware attacks. These include avoiding installing apps from unknown sources, reading reviews before downloading apps, updating and patching mobile devices, and downloading antivirus software for smartphones.


  1. Pietro Orsini
    Jun 19, 2017 at 4:36 pm
    It sounds really alarming, thanks for the information. I guess it would be helpful to have a list of malware in Google Play (or at least, some of it). There's some information about apps with malware code on Informer sites, but it's not even close to enough. So, the question is, does anyone have a source to check what apps have been infected?
    1. Pietro Orsini
      Jun 19, 2017 at 4:37 pm
      s: droidinformer /Stories/play-store-is-choke-full-of-apps-open-for-malware-attacks - link to the mentioned Informer article, if someone is interested