With the latest buzz around “WannaCry”, everybody is alert to the security of their smartphone. Given that wariness, you may be surprised to learn of another piece of Trojan-based malicious code, “Xavier”, found in more than 800 apps on the Google Play Store. An analysis report by the security firm TrendLabs states that the Trojan ad library has been observed in apps that were downloaded millions of times from the Google Play Store itself.
Android, the mobile platform of tech giant ‘Google’, is the most widely used operating system worldwide and, because of its growing popularity, is perhaps the most exploited in computing security. Every mobile app has to undergo a scan before it is published in the Google Play Store, but as the saying goes, ‘No one is perfect’: Google’s system can be fooled, directly or indirectly, by a remotely planned attack. Does this call into question the quality of apps developed for the Google Play Store? For more information, see “Google’s sternness towards poorly developed app”.
A member of the AdDown family, Xavier has existed for over two years; its first version, called joymobile, appeared in early 2015 with remote code execution capability. This ad library goes far beyond collecting and leaking user information: it can also silently install other APKs if the device is rooted. Infected devices generated large volumes of fraudulent ad clicks, which converted into revenue for its creators. Free apps such as photo editors and wallpapers, which are downloaded millions of times, have been the incubator for the Xavier malware.
Technical aspects:
As stated earlier, the ad library is integrated into apps to generate advertising revenue for their developers. Over time, this malware has become more powerful and is now a more sophisticated kind of malicious software. In addition to evading detection, executing code remotely and stealing user information, Xavier is now smart enough to dodge security programs such as antivirus or anti-adware tools. It downloads executable code from a remote server and is configured to quietly collect user data, including email address, device ID, OS version, country, SIM operator, etc. Countries such as Vietnam, the Philippines and Indonesia have seen the highest number of download attempts, with traces of affected apps in some parts of the U.S. and Europe.
Download apps for your smartphone only from trusted developers, and only after going through the reviews and ratings, before giving them space on your device.
Stay tuned to Reflections for more of the latest happenings!