An adware family that comes equipped with an information-stealing component hid itself within at least 50 apps available for download on Google’s Play Store.
SophosLabs researchers came across the Android affliction, which is detected as XavirAd, in apps previously available on Google Play like “Add Text On A Photo”.
Many of the affected apps have more than one million downloads to their name. In total, Yu observed as many as 55 million unique downloads of the compromised programs.
Like all other adware, XavirAd is a nuisance in that it will regularly display full-screen ads. This behavior persists even when the user isn’t using the affected app.
“Personal information is data that can be used to uniquely identify or contact a single person.
“We do not collect, store or use any personal information while you visit, download or upgrade our website or our products, excepting the personal information that you submit to us when you create a user account, send an error report or participate in online surveys and other activities.”
At the same time, XavirAd goes to great lengths to remain undetected. It encrypts all strings, giving each class its own unique decryption routine. It also uses anti-sandbox technology to avoid running in a virtual environment where researchers might explore its inner workings.
With that in mind, Android users should take the time to read the reviews of an app before they install it, and they should beware of exceedingly numerous or demanding app permissions upon installation. They should also maintain an up-to-date anti-virus solution.
Visit the article on Sophos’s Naked Security blog to read the list of affected apps.