
Be careful! Over 800 apps on Google Play Store are affected by “Xavier” Malware

    It is very unfortunate that some Android apps have slipped past the privacy policy on the Google Play Store, and some users have already downloaded and installed them.

    As of May 2017, we had the “Judy” malware, a new malware that has affected between 8.5 million and 36.5 million users. Google has already dealt with those apps, and now there is “Xavier”.

    It is surprising that the privacy policy was bypassed like this!


    Features of Xavier Malware

    The malware steals and leaks users’ sensitive information, such as email addresses and user login names, quietly and stealthily.

    It is also capable of downloading and installing other APKs, and can do so without detection if your Android smartphone has been rooted.

    Evade Detection: Xavier is smart enough to escape both static and dynamic malware analysis by checking whether it is running in a controlled environment (emulator) and by encrypting its data and communications.

    Remote Code Execution: The malware has been designed to download code from a remote Command & Control (C&C) server, allowing hackers to remotely execute any malicious code on the targeted device.

    Info-Stealing Module: Xavier is configured to steal device and user-related information, which includes the user’s email address, device ID, model, OS version, country, manufacturer, SIM card operator, resolution, and installed apps.


    There’s Also Ztorg Malware

    The apps that contain Ztorg Malware are Magic Browser and Noise Detector, and both have since been removed from the Play Store, though it’s entirely possible that others may be lurking.

    The two apps were somewhat popular, with Magic Browser amassing over 50,000 downloads, while Noise Detector got over 10,000.

    The only real trace a Ztorg malware app will leave on a device is showing unwelcome ads at random, and silencing a device in order to use the SMS function in secret.

    The malware’s power essentially begins and ends with netting a user fraudulent charges and showing ads; it doesn’t aim to turn a user’s device into a member of a botnet, steal privileged information, or do any of the other nasty things that malware normally does.

    Keeping your app downloading strictly to the Play Store is your best bet for staying safe from malware like this. Presumably, Ztorg apps using previous versions or fully functional versions of the malicious code are still out there on the web, but have reportedly been found and removed from the Play Store.

    How to Stay Safe

    “The easiest way to avoid a cunning malware like ‘Xavier’ is to not download and install applications from an unknown source even if they are from legitimate app stores like Google Play Store,” said Nilesh Jain, Country Manager (India and Saarc), Trend Micro.

    Read Reviews first.