Google claims that it has an uptight security when it comes to checking apps for any malicious content or not. But given the recent case with Judy malware which had affected many apps, the question that we are asking now is whether Google's security is efficient enough or not. Google Play store seems to be a vulnerable place these days.
Well, just as the case with Judy seems to have been solved, a new Trojan-based malicious code dubbed as "Xavier" has been discovered in more than 800 applications on Google Play Store. That's a large number and quite concerning as many apps are downloaded from the Play Store every day.
Besides, TrendLabs Security Intelligence was the first to detect the Trojan ad library and have reported that the affected apps have already been downloaded by many users from Google Play. "Based on data from Trend Micro Mobile App Reputation Service, we detected more than 800 applications embedded the ad library's SDK that has been downloaded millions of times from Google Play. These applications range from utility apps such as photo manipulators to wallpaper and ringtone changers," reports the agency.
The report highlights that users in Southeast Asian countries like Vietnam, Philippines, and Indonesia have made the greatest number of download attempts, compared to a fewer in the US and Europe. As per the stats, about 23.27 percent users in Vietnam have downloaded the affected apps, while 19.14 percent and 8.23 percent attempts were made in Philippines and Indonesia respectively. Thailand and Taiwan have 6.66 per cent and 5.36 per cent downloads whereas 37.34 percent download attempts have been made by users in other countries.
Further, the security agency has revealed that Xavier has been present for almost two years now and its first version was called joymobile. However, over time it seems to have evolved and the report states that Xavier's stealing and leaking capabilities are difficult to detect because of a self-protect mechanism that allows it to escape both static and dynamic analysis.
"In addition, Xavier also has the capability to download and execute other malicious codes, which might be an even more dangerous aspect of the malware. Xavier's behavior depends on the downloaded codes and the URL of codes, which are configured by the remote server," says the security firm.
Xavier steals and leaks a user's information silently and it seems that the impact has been widespread. The actual infected devices figure is still not known.
In any case, TrendLabs Security Intelligence also recommendations and best practices to keep devices safe from malware attack. The agency has advised users to avoid installing apps from an unknown source even if they are from legitimate app stores like Google Play. The agency has asked users to read reviews before downloading apps and has also asked users to keep updating and patching their mobile devices. Downloading antivirus for smartphones is important says the agency.