Malicious Android Ad Malware

Applications can be downloaded from the Google Play Store for free on an android and these apps can be downloaded millions of times but these apps have been found to have a malicious ad library that collects sensitive user data and can also perform dangerous operations.

The malicious ad library is known as dubbed Xavier, which was discovered in September 2016 and poses a threat to all android users.

Most free apps that are available on the Play Store contain ads that acts as a revenue source for their developers and the apps are integrated with Android SDK Ads Library so that it doesn’t affect the apps core functionality.
Trend Micro claims that the malicious ad library comes pre-installed on the applications and ranges from all sort of applications.

Features
The previous version of Xavier only installed APKs silently on the targeted devices but in the dubbed Xavier the developer has integrated those features into more sophisticated ones such as:

To escape from dynamic detection, Xavier detects if the system is running in an emulator and it also checks the devices Product Name, manufacturer, device brand, device name, device module, hardware name or fingerprint across a wide range of strings specified within the malware
The behavior of the malware is also hidden by cross-referencing the email address of the user with certain strings

Some features that the malware incorporates to avoid detection: