Anti-virus company Dr Web has discovered a new type of malware that replaces pre-installed apps and system files on older Android devices with malicious applications.
Android.Xiny is a trojan aimed specifically at devices running older versions of Android: version 5.1 and older.
According to Dr Web, 26.1% of all Android devices use Android versions 4 or 5, meaning this exploit can target a large number of devices.
Android.Xiny gains root access to the target device and then replaces system files. This allows it to launch malware automatically – even after the device is restarted.
With this persistence, the trojan can install many applications that are theoretically harmless on their own, but the combined performance cost of running them all at the same time can leave the device non-operational.
Alternatively, this trojan can install other dangerous malware.
Getting rid of Android.Xiny
Android.Xiny is difficult to remove because it deletes apps that would offer the user root access to their device.
“If your device has been infected by a trojan of this kind, we recommend that you reflash your device with official firmware. However, don’t forget that reflashing a device deletes all user files and apps, so create backups before you proceed.”
Alternatively, users can attempt to regain root access to their device using more complex techniques.
“To gain root access, one can resort to exploits that are implemented as library files. Unlike executable code, library code won’t be blocked by the trojan. Another option is to use the trojan component that grants root permissions to its other components,” said Dr Web.