It wasn’t long after we reported on the damage caused by Judymalware, a self-clicking adware discovered in 41 apps, that Google and its Play Store have been targeted again with a virus whose scope of infected apps reaches 800. Well-known Japanese cybersecurity company Trend Micro has discovered this new malware, which has been given the name Xavier, belonging to the adDown family, which is, like Judy, adware viruses that show victims banner ads while stealing personal information and silently installing other unwanted packages on the infected device.

Xavier is actually an old acquaintance, initially discovered in September 2016, it appears in its third variant and according to Trend Micro’s indications, the most affected countries are concentrated in the Asian continent, while only a small percentage of Europeans and Americans have downloaded compromised applications. Google obviously wasted no time in removing the infected apps reported by Trend Micro from the Play Store. Compared to previous versions, this time Xavier has been enhanced and has become more threatening:

  1. first, it was made sure that the code would not be detected by security systems;
  2. once installed and activated the modules that allow it to remain hidden, the malicious software starts to remotely download codes that allow it to execute commands and operations on victims’ devices.

The goal is always the same: to steal sensitive information of the unlucky users (emails, social accounts, installed apps, model of the smartphone or tablet, operating system version) as well as photos and other sensitive data.

Once again, it is advisable to pay close attention to the apps you download, especially if they are not the most famous ones or the apps of the moment, especially if they belong to little-known companies even if they are present on the official Android store. And not to forget good habits, remember the need or rather urgency to equip Android systems with anti-malware software.