Skip to main content

Newly discovered Android malware Xavier clandestinely steals your data

nfc smart unlock
Image used with permission by copyright holder
A new variant of Android malware is making rounds in the Google Play store and it is bad news all around. According to Trend Micro, a Trojan dubbed Xavier, which is embedded in more than 800 applications on Android’s app store, clandestinely steals and leaks personal data.

Mobile malware is not new to the Android platform, but Xavier is a little more clever. It downloads codes from a remote server, executes them, and uses a string encryption, Internet data encryption, emulator detection, and a self-protect mechanism to cover its tracks.

It is derived from AdDown, a family of malware that has been around for two years. But unlike most offshoots, Xavier features the troubling addition of encryption and a secure connection. Once it loads a file and obtains an initial configuration from a remote server, it detects, encrypts, and transmits information about the victim’s device — including the manufacturer, language, country of origin, installed apps, email addresses, and more — to a remote server.

According to Trend Micro, Xavier makes its remote capabilities tough to pin down by detecting whether it is running on an Android emulator, a type of software that mimics a device’s hardware components. It checks the device’s name, manufacturer, device brand, operating system version, hardware ID, SIM card operator, resolution, and does not run if it encounters an unexpected field.

Trend Micro’s analysis identified Xavier in apps from southeastern nations such as Vietnam, the Philippines, Indonesia, Thailand, Taiwan, and others, many of which appear to be innocuous on the surface. They range from utilities like photo editors to wallpaper and ringtone changers, and are typically free.

Trend Micro’s report follows the discovery of two other forms of Android malware earlier this year. In May, researchers at Check Point identified Judy, an auto-clicking adware which could have infected as many as 36.5 million Android devices. In March, Palo Alto Networks uncovered malware designed for Windows PCs in 132 apps on Google’s Play Store.

Google’s taking a proactive approach to the problem. The search giant has targeted security on Android over the past year, most recently with the introduction of the Google Play Protect platform. It says it has worked with 351 wireless carriers to shorten the time it takes to test security patches before deploying them to users — an effort that resulted in a reduction of the software approval process from six to nine weeks to just a week.

Google’s also doled out $1 million to independent security researchers and pursued an aggressive strategy of encryption. As of December, 80 percent of Android 7.x (Nougat) users secure their data with passwords, patterns, or PIN codes.

Adrian Ludwig, director of Android security at Google, pointed to social engineering — attacks that fool a user into installing an app that compromises his or her device’s security — as one of the biggest challenges facing app developers today. “People don’t want to think about security,” he told members of the press at the RSA conference in February. “They just want it to be that way.”

Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
Don’t update your Pixel phone — a new Android update might break it
Android 14 logo on the Google Pixel 8 Pro.

Android 14 introduced a host of convenient additions to Google’s Pixel phones, but a recent minor update has utterly broken the storage system for some users. Specifically, owners of the Google Pixel 6, Google Pixel 6 Pro, and Google Pixel 6a who run multiple profiles on their phones are reporting that their phones no longer have access to the storage pipeline for the main profile.

That means users are locked out of accessing the stored media and find themselves unable to add new files as well. A few users have reported on Reddit and Google’s official community forum that they can’t even click images using the camera app because it flashes an insufficient storage warning message. A few others say trying to install an APK package also returns a similar storage writing roadblock.

Read more
Have the Android 14 beta on your Pixel? You need to download this update now
Google Pixel 7a held in hand showing home screen

Google revealed a bunch of new goodies during its opening keynote for Google I/O 2023, showing off its latest advancements in AI with Bard, as well as the brand new Pixel Fold and Pixel Tablet. There was also a sneak peek at upcoming features in Android 14, including new lock screen clocks, shortcuts, and generative AI wallpapers.

If you have a Pixel phone, like the new Pixel 7a or the older Pixel 7 or Pixel 7 Pro, then -- surprise -- Google is rolling out the Android 14 Beta 2 starting right now.

Read more
AT&T just made it a lot easier to upgrade your phone
AT&T Storefront with logo.

Do you want to upgrade your phone more than once a year? What about three times a year? Are you on AT&T? If you answered yes to those questions, then AT&T’s new “Next Up Anytime” early upgrade program is made for you. With this add-on, you’ll be able to upgrade your phone three times a year for just $10 extra every month. It will be available starting July 16.

Currently, AT&T has its “Next Up” add-on, which has been available for the past several years. This program costs $6 extra per month and lets you upgrade by trading in your existing phone after at least half of it is paid off. But the new Next Up Anytime option gives you some more flexibility.

Read more