800 Android Apps on Google Play Store Infected with Xavier Malware


Over 800 different Android apps that have been downloaded from Google Play Store are, unfortunately, detrimental to your device. Why? Well, it’s due to the fact that they’re compromised with malware named Xavier that gathers personal information in the background, sends it to third parties and puts your online accounts, digital wallets, and bank accounts at risk of being overtaken. The threat itself was released in September of 2016 and comes from AdDown family. And, unfortunately, millions of people who use Android can have their devices attacked by it.

90% of Android apps can be downloaded free of charge, so that makes it exceptionally easy to distribute viruses like Xavier. We also need to point out that advertising brings most of the money to its creators – that’s why the Android SDK Ads Library has been implemented, as it allows them to collect their profits. Unfortunately, there’re people who’re ready to abuse this functionality and, according to the security researchers from the Trend Micro company, they use RAM optimizers, various players, ringtone changers, photo editors and many other applications to achieve their goals.

Xavier was a basic adware in the past and could easily be detected by security software, but this new version implements several new features. Among them are Evade Detection which allows this threat to avoid being analyzed, from both static and dynamic malware analysis. It does so by using data and communication encryptions and by checking whether it runs in a controlled environment. There’s also a Remote Code Execution, which allows to download codes from a remote Command & Control server and makes it possible for con artists to launch any code on the affected device from a distance. And you can’t forget about an Info-Stealing Module, which is designed to collect the aforementioned personal information and send it to to third parties. This information includes email address, the ID of your device, the model number, the OS Version, manufacturer, country, sim card provider, installed apps and resolution.

At the moment, Xavier mostly attacks people from Philippines, Vietnam and Indonesia, but users from the USA and Europe can also get affected. The full list of apps infected by it can be found at https://documents.trendmicro.com/assets/appendix-analyzing-xavier-an-information-stealing-ad-library-on-android.pdf, so if you look through this list and see that you have one of those, you should remove it at once. Keep in mind that malicious programs designed for Android are constantly evolving and you should constantly be on the lookout for them. Fortunately, avoiding them is not an impossible task by any means.

Steer clear of dubious applications – it’s best to choose those that were developed by companies that can be trusted, as curiosity can sometimes lead to disastrous results. Make sure to check out user reviews, as they can provide you with a lot of useful information. Verify app permissions before installing them and, of course, have security software installed on your device. Keep it updated and running, as you never know what threat you might come upon next. And, even though Xavier can escape being detected by such software at the moment, it won’t last forever, as security researchers don’t just sit around and watch malware wreak havoc. They constantly search for the solutions to those types of threats, so don’t put yourself under unnecessary risks and you won’t have to spend your time on dealing with problems.


  1. Brilliant content is sometimes impossible to find! You have shared most valuable information. Thank you and keep sharing.


Please enter your comment!
Please enter your name here