The newest way to steal your Android device data, Xavier Malware


Where do these guys come from? Anyway, this is nothing new to the Android scene: security researchers recently found the new guy on the block, Xavier malware (not a work of Charles Xavier. Or is it?). More than 800 apps on Android's app store contain Xavier, malware that steals your data.

A new variant of Android malware is making the rounds in the Google Play store, and it is bad news all around. According to Trend Micro, a Trojan dubbed Xavier, which is embedded in more than 800 applications on Android’s app store, clandestinely steals and leaks personal data.

Mobile malware is not new to the Android platform, but Xavier is a little cleverer. It downloads code from a remote server and executes it, and it uses string encryption, Internet data encryption, emulator detection, and a self-protect mechanism to cover its tracks.

Xavier has existed for over two years: its first version, called Joymobile, appeared in early 2015. It isn’t easy to detect via either static or dynamic analysis, which might be an even more dangerous aspect of the malware.

What is it?

The Xavier malware is in fact an ad library: an element integrated into free apps to enable advertising as a revenue source for their developers, often referred to as adware. It was a relatively harmless and simple piece of adware when it emerged two years ago, but Xavier has recently evolved into a more dangerous and sophisticated kind of malicious software. Security experts say it is now capable of evading detection, remote code execution, and stealing information. In other words, the malware is smart enough to escape analysis by security programs, it has been designed to download remotely executable code from a server, and it is configured to silently collect sensitive user data, including email address, device ID, model, OS version, country, manufacturer, SIM card operator, resolution, and installed apps.

Trend Micro’s analysis identified Xavier in apps from southeastern nations such as Vietnam, the Philippines, Indonesia, Thailand, Taiwan, and others, many of which appear to be innocuous on the surface. They range from utilities like photo editors to wallpaper and ringtone changers, and are typically free.


So what did Google do to protect its users?

Google’s taking a proactive approach to the problem. The search giant has targeted security on Android over the past year, most recently with the introduction of the Google Play Protect platform. It says it has worked with 351 wireless carriers to shorten the time it takes to test security patches before deploying them to users, an effort that resulted in a reduction of the software approval process from six to nine weeks to just a week.

Google’s also doled out $1 million to independent security researchers and pursued an aggressive strategy of encryption. As of December, 80 percent of Android 7.x (Nougat) users secure their data with passwords, patterns, or PIN codes.

This article isn’t made to hate on Android or anything; in fact, I own an Android phone. But the thing is that these types of security vulnerabilities come with an open source OS and we have to deal with them on a daily basis. Google is working on the security of the Android OS and has come far since the Froyo or Gingerbread releases; we might even see a tighter security infrastructure with the upcoming 8.x release. So shit happens, deal with it!
