1 out of 4 Android users might be a victim of this Malware

For any user, there’s nothing scarier than not being able to control your own phone after being attacked by malware.

Different companies try on a variety of software to block the attacks of such malware but after some time, the malware usually comes back in a more updated form.

There’s a new Android Malware named Xiny Trojan that removes bloatware apps without user knowledge at all.

Back in 2015, this Android Trojan was first spotted and now it is back after five years with more capabilities than ever.

This updated Android malware now easily uninstalls preloaded apps so that the malware can perform its own tasks on those spaces.

According to an analysis by Dr. Web, this Android.Xiny Trojan usually targets Android users with older software typically including Android 5.1 (AKA Lollipop) or below versions of it (including Jelly Bean and KitKat).

If you take a look at this malware as it only targets Android 5.1 or below users you might just not consider it as a big deal but according to the data shared by Google last year, more than 25 percent of Android devices are still running on Android 5 or earlier versions, which means 1 out of 4 Android users (or 625 million out of 2.5 Billion devices) are still exposed to the attack of Android.Xiny.

The updated version of this malware continues to have the same feature like of the previous version which includes installing of apps without user authorization but an extra feature this Android holds is the ability to obtain root access on the compromised Android devices which enables the malware to launch automatically even if the user boots the device. Android.Xiny does this trick by replacing the system files to /system/bin/debuggerd and /system/bin/ddexe and after that, the malware waits for the instructions from the server of commands and control.

The malware also sets some new rules in the library file lbs. to block the users from reinstalling the apps that malware has deleted.


The pre-loaded apps installed on Android devices can also be used by attackers to generate revenue based on the pay-per-install referral programs as well.

The reason behind deleting installed apps from the smartphones is usually to enable the malware with root access making it much harder for owners to remove the malware from their devices.

Usually, the attackers install tons of apps on the compromised devices to reduce its performance and making it impossible to use but you don’t have to worry anymore as there’s a way to remove this malware from your device.

The removal of the malware of Android.Xiny is a difficult thing to do as you can completely flash clean the ROM of your device and start as a new on your compromised device. In order to reflash your device, usually, backups are recommended but sometimes the removal of the Android.Xiny attacks can also result in the loss of all your precious data.

The second option to remove the malware is by reobtaining root access to your device. To gain root access you can rely on a variety of exploits implemented in the library files as the library code can’t be blocked by the Trojan or else you can use the component of Trojan that provides access to root to its other components.

625 million Android users might be a victim of this Malware
Photo: Getty

Read next: Beware of These 30 Selfie Apps in Google Play Store That Are Being Used To Collect Android Users Data With Malware
Previous Post Next Post