Android Security

Android Xiny malware can gain root access to your devices

Mobile security has become as important as desktop and laptop security. With the huge amount of personal data held on smartphones and tablets, these devices have become prime targets for attackers. Moreover, Android has long been the most popular mobile operating system. Recent Android security research has identified a new malware called Android Xiny that affects older versions of Android by exploiting unpatched vulnerabilities.

What is Android Xiny?

Android Xiny is a malware that, once on the device, removes the preinstalled applications that control root privilege access and then obtains root access itself. The attackers thereby gain complete control of the device and can deliver further malware and targeted attacks later.

The attackers profit through a pay-per-install referral campaign. Once Android Xiny is installed on an older Android version (5.1 and below), it removes the preinstalled root-management applications and alters the library file libc.so, preventing those applications from being installed again.

It also modifies /system/bin/debuggerd and /system/bin/ddexe so that it launches itself automatically.

Why is Android Xiny harmful?

Although most users have upgraded to recent Android versions, around 25% of devices are reported to still run versions below 5.1. When this malware was first observed in 2015, it was capable of remote access, spying on keyboard input, collecting device data, DoS attacks and deploying further malware. While the current version's objective is to gain root access, it should be noted that this version of Android Xiny also comes with a self-defense mechanism.

Altering system files so that the end user can no longer install root-management applications shows how harmful this malware is. In addition to those modifications, Xiny also alters the libc functions mount, execve, execv, execle, execlp, execl and execvp.
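The modifications described above (libc.so, /system/bin/debuggerd and /system/bin/ddexe) leave a footprint that can be checked against a clean copy of the firmware. The following script is an added example, not part of the original article: `make_baseline` and `check_integrity` are hypothetical names, the files are assumed to have been pulled from the device to a host directory (e.g. with `adb pull`), and the baseline hashes are taken from an extracted stock system image for the same device build, since they differ per build.

```shell
#!/bin/sh
# Added example (not from the article): offline integrity check of the
# system files the article names as Xiny's modification targets.

# Files the article says Xiny alters or replaces.
XINY_TARGETS="system/lib/libc.so system/bin/debuggerd system/bin/ddexe"

# Write "sha256  relative/path" lines for each target found under a clean
# firmware tree (e.g. an extracted stock system.img). Keep the output as
# the per-build baseline.
make_baseline() {
    root="$1"
    for f in $XINY_TARGETS; do
        if [ -f "$root/$f" ]; then
            (cd "$root" && sha256sum "$f")
        fi
    done
    return 0
}

# Compare a tree of files pulled from the device against the baseline.
# Prints one status line per file; returns 0 only if every baseline file
# is present and unmodified, 1 otherwise.
check_integrity() {
    root="$1"
    baseline="$2"
    status=0
    while read -r expected path; do
        if [ ! -f "$root/$path" ]; then
            echo "MISSING  $path"
            status=1
            continue
        fi
        actual=$(cd "$root" && sha256sum "$path" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK       $path"
        else
            echo "MODIFIED $path"
            status=1
        fi
    done < "$baseline"
    return $status
}
```

A MODIFIED or MISSING result for any of these files on a device that has not been deliberately rooted is a strong indicator and supports the reflash recommendation given below.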

How to neutralize Android Xiny?

Firstly, users can reflash their device with the correct stock firmware (subject to availability). Secondly, users can try their luck with the library files, since the trojan checks the executable files and not the libraries. Thirdly, use the trojan's own component that provides root access to its other components. Users can circumvent the modified mount routine by using the 'magic' mountflags value or by invoking the target device directly.

Please remember that reflashing your device erases all data stored on it, so back up your data and applications before the reflash.

John Greenwood

He has been working in the cybersecurity and infosec market for 12+ years. Passionate about AI, cybersecurity, information security, blockchain and machine learning. When he is not occupied with cybersecurity, he likes to go on bike rides!
