Trend Micro recently unearthed Xavier, an ad library that was discovered by the company’s Reputation Service. This malware is not only capable of downloading and executing additional malicious code from a remote server, but also is tenacious enough to hide itself from detection via data encryption and even emulator detection. The malware is also capable of downloading and installing other APKs and can do so completely without detection if your smartphone is rooted.
An Example Of A Xavier Malware-Infected App
Regardless, once the malware is on the target device it can transmit both device information and personally-identifiable user information such as email addresses, user login names, etc. The Trend Micro alert offers a list of known apps here that contain the Xavier malware (PDF, starting page 3). If you’ve downloaded one of these apps, we’d suggest removing it ASAP and if possible, after backing up your data, performing a factory reset on your phone.
Apps associated with the malware range from photo editing, to wall paper and ringtone apps. It’s a wide swath of popular Android add-on software, actually. If your phone isn’t rooted or set to allow “apps from unknown sources” in Android, you should be relatively safe from Xavier's targeted 3rd party payload downloads. However, if you like to run things a bit more custom and open, better check what’s on your device, just to be sure.
Image, courtesy: Flickr user portal gda