Malware hidden in Android antivirus apps targeting users in Thailand


Security researchers are warning users in Thailand about a strain of malware which has been hidden inside numerous Android antivirus apps.

As many as 800 Android apps, some available through the Google Play Store, have been infected with “silent” data stealing and leaking malware.

The malware, known as Xavier, was discovered in 2016 and has proved very difficult to detect. This latest strain is targeting users in Thailand and Southeast Asia.

Researchers at Trend Micro, who first detected the malware, say that it is capable of downloading and executing other malicious codes, along with having the ability to steal personal and financial data.

A wide range of apps has been affected, including photo manipulators, utilities, ringtone changers, anti-virus, wallpaper apps and many more. The researchers believe that these apps have already been downloaded millions of times.

“The greatest number of download attempts came from countries in Southeast Asia such as Vietnam, Philippines, and Indonesia, with fewer downloads from the United States and Europe,” Trend Micro researchers said.

Xavier infections. Image: Trend Micro

Xavier is said to use advanced security evasion techniques such as “String encryption, Internet data encryption, and emulator detection” to avoid being detected by security and anti-virus programs.

“Xavier’s stealing and leaking capabilities are difficult to detect because of a self-protect mechanism that allows it to escape both static and dynamic analysis,” researchers said.

Although Xavier is not new (it has been around since 2015 and was discovered in 2016), it has been very effective at infecting devices and remaining undetected.

Most malware-infected apps come from third parties, so it is important not to download apps from unknown sources. Google Play has removed 75 Xavier-infected apps from its store.

Trend Micro researchers offer some advice on how to protect yourself: “It can help to read reviews from other users who have downloaded the application. Other users can be a great source of insights, especially if they can point out whether a specific application exhibits suspicious behaviour.”

However, just because an app is available in the Google Play Store, it does not necessarily mean it is safe to download.

The best way to keep your device safe is to only download apps from trusted developers, from organisations or websites that are well known or that you are familiar with.

It also goes without saying that you should always ensure that your device is kept up to date with the latest software and security patches.
