XLoader Malware Poses New Android Threat, Secretly Targets Photos, Texts, Contacts, and More
Austin JayIn the ever-evolving landscape of mobile security threats, a new XLoader malware, MoqHao, has emerged, posing a significant risk to Android users. This malware, operated by the financially motivated threat actor 'Roaming Mantis,' can now auto-execute after installation, requiring no user interaction. The implications are dire as it can stealthily operate in the background, compromising sensitive user information.
Recent variants of XLoader can launch automatically after installation, as reported by McAfee, an Android's App Defense Alliance partner. This feature allows the malware to run undetected, making it even more dangerous than its predecessors. The auto-execution capability poses a severe threat as the malware operates silently, extracting sensitive data such as photos, text messages, contact lists, and hardware information without requiring input from the victim.
The malicious apps send permission requests pretending to come from Google Chrome, requesting permission to send and view SMS (text) messages and asking permission to keep "Chrome" running in the background. And the coup de grace is permission to make "Chrome" your default SMS app.
Once it gets all of these permissions, the malware is used to send photos, text messages, contact lists, and info on the hardware you are using (including your phone's unique IMEI number) to the control server. Yes, it is terrifying.
The infection chain typically starts with text messages containing shortened URLs that lead to sites delivering Android APK installation files. XLoader employs Unicode strings to disguise these malicious APKs, often mimicking legitimate software like the Chrome web browser.
Using Unicode strings aids in evading detection, making it challenging for users to differentiate between legitimate and malicious applications.
To further enhance its deceptive tactics, XLoader sends fake permission requests designed to appear as if they are coming from Google Chrome. Victims are tricked into granting permission to send and view SMS messages, run in the background, and even make 'Chrome' their default SMS app. The malware uses these permissions to exfiltrate sensitive user data to a control server.
The pop-up messages used in this step are available in English, Korean, French, Japanese, German, and Hindi, which indicates XLoader's current targets.
Also Read: AI Security Pact: US, UK, And Other Countries Sign 'Secure By Design' Agreement
XLoader's recent iteration introduces new commands, expanding its capabilities. The malware creates notification channels for custom phishing attacks, extracting messages and URLs from Pinterest profiles. This dynamic approach allows attackers to switch phishing destinations seamlessly. In case of failure, the malware resorts to hardcoded phishing messages related to banking issues, prompting users to take action.
The most critical XLoader commands include 'get_photo,' which transmits all photos to the control server, risking significant privacy breaches, and 'getSmsKW,' which sends all SMS messages to the control server, potentially exposing sensitive information.
The malware can also execute commands to send SMS messages, export the entire contacts list, collect device identifiers, and facilitate HTTP requests for downloading malware, data exfiltration, or communication with the command and control server.
While the threat is severe, Android devices with Google Play Services are equipped with Google Play Protect, which offers protection against XLoader. It is crucial to keep devices updated and refrain from clicking on suspicious links, especially those received via text messages. Users are advised to avoid sideloading apps and grant app permissions cautiously.
The growing sophistication of the XLoader malware emphasizes how important it is to remain vigilant and put comprehensive security measures in place. Users must put cybersecurity first to safeguard their data and maintain the integrity of their equipment, particularly in light of the growing threat from mobile devices.
By updating devices regularly, exercising caution when granting permissions, and relying on reputable program suppliers, one can lessen the risks associated with sophisticated malware like XLoader.
Related Article: First-Ever Trojan In IOS Discovered, Stealing Face ID Data For Bank Account Intrusion
most read
related stories
more stories from News
Google teases a new AI camera feature ahead of I/O 2024, offering real-time contextual recognition and voice interaction on Pixel devices. Discover how this innovative technology enhances your mobile experience.
ernest hamiltonDiscover the latest insights into Apple's highly anticipated iPhone 16 Pro, from its innovative display and camera advancements to powerful performance and software integration. Stay informed as anticipation builds for the official unveiling.
ernest hamiltonDiscover how a groundbreaking breakthrough in phononics is poised to revolutionize wireless technology, making devices smaller and more efficient. Explore the potential of giant phononic nonlinearities and their implications for consumer electronics. Dive into the future of connectivity today!
ernest hamiltonExplore the potential impact of Apple's collaboration with OpenAI on iOS 18. From enhanced messaging to smarter voice assistants, dive into the future of AI-powered experiences. Stay informed—read on
ernest hamiltonDiscover innovative post ideas and expert tips to engage your audience and drive sales. Read now and make this Mother's Day unforgettable!
ernest hamiltonUnveiling OnePlus' controversial move! Are they really sneaking unwanted apps onto their latest flagship phones? Read now for all the details about this bloatware!"
ernest hamiltonDiscover the ultimate arsenal of digital tools for modern moms! Explore this curated list of 10 essential smartphone apps designed to simplify parenting tasks, organizing schedules, tracking developmental milestones and discovering family-friendly activities.
ernest hamiltonDiscover the latest Google Pixel update! Get the scoop on security, stability, and build numbers. Don't miss out, read now to know how you can elevate your Pixel experience.
ernest hamilton