Trend Micro has discovered a new Trojan malware that is pretty nasty. The security analysts identified the malware as ANDROIDOS_XAVIER.AXM, or Xavier for short. It is an ad library that quietly sends user data to a remote server. What makes it so nasty are the methods it uses to cover its tracks and disguise its activities.
First of all, it comes embedded within relatively innocuous apps, like ringtone makers and photo editing apps. Most of these applications appear to originate from Southeast Asia. Trend Micro has discovered over 800 different apps containing the malware, which together have been downloaded millions of times from Google Play, so it is fairly widespread.
Another thing that makes the malware insidious is the way it is coded into the application. No overtly malicious code is used within the app, so no flags are raised when it is submitted for approval to the store. However, once installed, the malware downloads malicious code from a covert server and can then execute it. These actions can all happen in the background without the user's knowledge or consent.
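
One static triage check for the behaviour described above, as an added example that is not from Trend Micro's analysis or this article: it parses the string table of an app's `classes.dex` and flags apps that reference both runtime code-loading classes and network classes. The class lists, function names and sample input are assumptions chosen for illustration; the article does not say which APIs Xavier uses.

```python
import struct

# Type descriptors of Android's runtime code-loading classes (dalvik.system).
LOADERS = {"Ldalvik/system/DexClassLoader;", "Ldalvik/system/InMemoryDexClassLoader;",
           "Ldalvik/system/DexFile;"}
# Classes an app can use to fetch content from a remote server.
NETWORK = {"Ljava/net/URL;", "Ljava/net/HttpURLConnection;",
           "Ljavax/net/ssl/HttpsURLConnection;"}

def read_uleb128(buf, pos):
    """Decode the variable-length integer that prefixes each DEX string."""
    result = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7

def dex_strings(dex):
    """Return every entry of the DEX string table (header offsets 0x38/0x3C)."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    count, table_off = struct.unpack_from("<II", dex, 0x38)
    strings = []
    for i in range(count):
        (off,) = struct.unpack_from("<I", dex, table_off + 4 * i)
        _, start = read_uleb128(dex, off)          # skip the UTF-16 length prefix
        end = dex.index(b"\x00", start)            # string data is NUL-terminated
        strings.append(dex[start:end].decode("utf-8", "replace"))
    return strings

def triage(dex):
    """Flag for manual review when code loading and network access co-occur."""
    found = set(dex_strings(dex))
    loaders, network = sorted(found & LOADERS), sorted(found & NETWORK)
    return {"loaders": loaders, "network": network, "review": bool(loaders and network)}

def build_sample_dex(strings):
    """Constructed input: DEX header plus string table only, not a full DEX."""
    header = bytearray(0x70)
    header[:8] = b"dex\n035\x00"
    struct.pack_into("<II", header, 0x38, len(strings), 0x70)
    ids, data, data_off = b"", b"", 0x70 + 4 * len(strings)
    for s in strings:
        ids += struct.pack("<I", data_off + len(data))
        raw = s.encode()
        data += bytes([len(raw)]) + raw + b"\x00"  # one-byte ULEB128 (length < 128)
    return bytes(header) + ids + data
```

A hit is only a reason to look closer, since legitimate apps also load code at runtime, and an app that hides these class names behind reflection or string encryption will not match.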