Xiny is a Trojan that affects Android systems’ processes, gaining administrator rights from users to steal information and control certain aspects of the device. When Xiny first surfaced, the Trojan would trick users by giving apps root privileges in order to function, leading to the user giving Xiny admin rights. This would allow the malware to install other apps without user permission, show ads, and steal data from the device and hide it within PNG images. Now a new version of this malware has been released and this version does not trick the user but instead gains admin rights by force. This Trojan now gains privileges by rooting the device and installing rogue modules inside the Android system directories while infecting Zygote, one of Android’s core processes. By infecting Zygote, this malware is then able to infect the Google Play app as well as download additional apps to the device without the user’s consent. This also allows Xiny to tamper with IM chat applications, allowing the Trojan to intercept and send messages. Banking and other financial apps are also targeted, showing fake login pages in order to gain users’ credentials. No distributions of these malware modules have been observed now but they could be created at any time.


  • September 2016: Xiny first emerged in 2015 and is currently being distributed through websites and official application stores. (SecurityWeek)
  • September 2016: Xiny has learned how to infect system processes. (Dr. Web)
Android MalwareNJCCIC