It seems that the ugly face of Android malware is rearing its head again and this time it is the Xavier malware. According to a report posted on Trend Micro Security’s official blog, the malware comes pre-installed on a wide range of free Android applications and has been downloaded millions of times so far.

The reason for the malware’s wide proliferation is because it actually started out as an ad library – a crucial element integrated into free/freemium applications to generate revenue for the developers. This was two years in the past though and now Xavier has mutated from a relatively annoying adware into a far more malicious piece of software. The blog report goes onto state that Xavier is now capable of evading security and anti-virus applications, enable remote code download and execution from servers and stealing the infected user’s information including the email address, device iD, model, OS version, country, manufacturer, SIM card operator, resolution and installed applications.

Xavier malware spread Trend Micro Security
The spread of Xavier according to Trend Micro Security’s statistics

The majority of the infected handsets are clustered in the South-East Asia region, in Vietnam, Philippines and Indonesia. There is also a smaller number of downloads in the US and EU (Europe) region. This once again puts the spotlight on Android for being a vulnerable OS primarily as this is not the first time that the Play Store has been host to malware infected applications. This is exacerbated by the fact that most Android OEM’s stop pushing updates, fixes and newer OS updates which can combat exploitation of such vulnerabilities. And as we have seen earlier in the year, even buying a phone from a trusted OEM sometimes is not a guarantee of getting a secure smart device.

Follow us on our social media to keep up to date with the latest in the world of Android.