800 Android apps that have been downloaded millions of times from the Google Play Store were found to be infected with malware called Xavier. The malware is embedded in a malicious ad library that preys on users by collecting sensitive data. Once the data is captured, the malware can perform a number of dangerous actions that affect the user.
Since most of the Android apps on the Play Store are free to download, developers typically integrate an Android ad SDK library into the apps they publish. This allows them to monetize the apps through various ad formats that appear in-app.
Xavier was formerly only able to install other APKs (application package files), which made it relatively harmless. In its latest release, however, the malware's author has added three key capabilities: evading detection by encrypting its data and communications, executing malicious code fetched from a remote server (a command-and-control, or C&C, server), and stealing user and device information.
Trend Micro has published a list of 75 of these 800 apps, and Google has already removed these from its Play Store. If you have any of them on your device, uninstall them immediately.
The best preventive measure against this type of malware is to have anti-virus software installed on all your Android devices. You can also be a little more cautious when downloading an app, even from the Google Play Store. Since Android is the most popular mobile operating system in the world, it is also the most targeted one. Read reviews for any signs of trouble with the app, and always review the permissions an app requests before you grant them.
Xavier malware is part of the AdDown family of malware, and it first became widely known around September 2016. The widespread nature of its infection was only recently discovered, so it’s quite possible that one of the apps on your Android device is already infected with the malware. Remove suspicious or unused apps immediately, and only keep the ones from trusted developers and the ones you really need. Uninstall everything else.
This doesn’t guarantee that you’ll be protected, but it does put you in a more secure position.