Privacy News After Judy, Xavier malware found in over 800 Android apps on Google Play Store

Arin

Level 3
Thread author
Verified
Nov 1, 2014
104
After Judy, a new Trojan-based malicious code Xavier has been discovered in more than 800 applications on Google Play Store. According to TrendLabs Security Intelligence – which first detected the Trojan ad library – affected apps have been downloaded millions of times from Google Play. Most of these apps have been found to be utility apps such as photo manipulators, wallpaper, and ringtone changers.

Xavier has existed for over two years as its first version called joymobile appeared in early 2015, reported TrendLabs. Xavier isn’t easy to detect, neither via static or dynamic analysis. “In addition, Xavier also has the capability to download and execute other malicious codes, which might be an even more dangerous aspect of the malware,” the report read.

Users in Southeast Asian countries like Vietnam, Philippines, and Indonesia made the highest number of download attempts, compared to a fewer in the US and Europe. About 23.27 per cent users in Vietnam have download the affected apps, while 19.14 per cent and 8.23 per cent attempts came from Philippines and Indonesia respectively. Thailand and Taiwan stand at 6.66 per cent and 5.36 per cent downloads respectively. Close to 37.34 per cent download attempts were made by users in other countries.

It is feared that Xavier is more widespread and dangerous when compared to Judy. To recall, Judy was found in over 41 apps on the Google Play Store, and it infected between 8.5 million to 36.5 million users. In comparison, Xavier has been discovered in over 800 apps, which means it is likely to put a lot more users at risk.

While Judy uses devices to create false clicks on ads to revenue for the people behind this, Xavier can easily download and execute other malicious codes as well. Xavier resorts to encrypting all constant string, and several other methods to make detection difficult. So, there’s not really an easy way to know if a user’s device has been affected by Xavier. However, the report points out that Xavier’s behavior depends on the downloaded codes and the URL of codes, which are configured by the remote server.

TrendLabs Security Intelligence also put out a list of ways to keep devices safe from malware attack. This includes avoid installing apps from an unknown source, reading reviews before downloading apps, updating and patching mobile devices as well as downloading antivirus for smartphones.
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
The method of attack gets clear on the mentioning of "Ad library".
One thing not to confuse is that the findings of the report do not link the malicious artifacts in the apps with the respective app authors, as people generally would. Rather, the culprit here are some Ad libraries that app authors increasingly have been integrating into their Free and Freemium apps.
Use of encryption and the other such methods like above is making the Android malware world more sophisticated.
Use of a firewall (rooted) or built-in internet connection managers for offline apps with ads, and permission managers in general should help reduce chances of different attacks.
 

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
ehm no phone nowadays is like living in caves to me :D
My home. :D:D
gqz0SLw.jpg
 

ravi prakash saini

Level 13
Verified
Top Poster
Well-known
Apr 22, 2015
637
thanks for sharing .this kind of news helps me saving internet bill .I just showed it to my wife and ask her to not to use internet for one month and I am free to use her net.
 
  • Like
Reactions: Deletedmessiah

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,140
It's time to move to iPhone. I supposed less malware attacks on iPhone, huh?

:rolleyes:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top