Welcome to the First Column IT Tech Blog

HomeBlog
New Variant of XLoader Malware Runs in the Background and Steals Your Photos, Texts, and Other Data

New Variant of XLoader Malware Runs in the Background and Steals Your Photos, Texts, and Other Data

February 28, 2024

If you’re in the know about cybersecurity and, specifically, mobile malware, you might have heard the name XLoader in the past. The malware has gone through considerable versions and variations, allowing it to steal information from users in more than seven countries, but the most recent is incredibly scary.

Android encompasses a significant portion of the smartphone operating system market share, and any attack that targets it should be taken seriously. Normally, an Android malware first needs to be opened by the user for it to work. You open the infected app or file, which then launches the malware. However, this new version of XLoader is a bit different in that it can launch automatically.

Unfortunately, this new variant of XLoader can run in the background, meaning that the app doesn’t even have to be opened for it to run and perform all of its nasty tricks. It can extract data from infected devices relatively easily, including photos, text messages, contact lists, hardware information, and so much more.

According to McAfee, which discovered the malware, the threat spreads by shortened URLs in malicious text messages. These shortened URLs are designed to make detection more difficult for the user. If the user opens the link on their device, they’ll be prompted to download the Android APK file, which is a way to sideload apps on a device without installing them through the Google Play Store. If users install the app, they’ll find themselves with an infected Android device.

To avoid detection, the app impersonates Google Chrome and asks the user for permissions like sending and viewing text messages and running in the background. It will also ask users to assign it as the default SMS app. Furthermore, XLoader can extract more phishing messages and malicious links from Pinterest profiles. It will send the links to the infected smartphone in an effort to stay undetected.

Here’s the crazy part: the threat can use hard-coded phishing messages to trick the user into clicking on malicious links with bogus allegations of bank fraud if it cannot access Pinterest for whatever reason. It’s a very intelligent threat that has evolved over time, and it must be taken seriously.

You can limit the amount of risk associated with mobile malware like XLoader by avoiding sideloading apps in the first place and limiting the number of apps you download from the app store. Furthermore, we always recommend that you make sure Google Play Protect is enabled on your device.

To make sure it’s on, open the Google Play Store app. At the top right, tap the profile icon. Tap Play Protect and then Settings. Ensure Scan apps with Play Protect is on.

Be sure to educate your users about this threat and all other types of mobile malware, and take measures now to protect your business by calling First Column IT at (571) 470-5594.

TAGS
Android
TAGS
Security
TAGS
Malware
Previous Post
April 30, 2025
How to Break the “Who Cares” Mindset
More often than not, you have an employee on staff who rolls their eyes whenever you have to send out another cybersecurity email or reminder. This “who cares” mindset is dangerous and can infect your business in a profoundly disturbing way. Today, we want to get into why this “who cares” mindset is so dangerous and what’s really at stake when you have an employee who can’t get on board with your security policies.
READ MORE
April 28, 2025
Learn How Resilience is Reshaping the Cybersecurity Landscape
While the goal of cybersecurity is always to prevent threats from taking advantage of your infrastructure, this is becoming more and more challenging as time wears on and threats evolve to changes in cybersecurity discourse. A recent podcast episode from Illumio, “Trust & Resilience: The New Frontlines of Cybersecurity,” explores how trust has become a vulnerability that attackers exploit in new and creative ways. How can cybersecurity as an industry pivot in response to this trend?
READ MORE
April 25, 2025
Everything You Need to Know About Business Tech Updates
While technology is an important part of your business, it shouldn’t be distracting you from carrying out your company’s mission. Indeed, it can be difficult to stay up-to-date on the latest practices and solutions, and it can feel impossible to keep up. While you could adopt the “good enough” policy that many businesses settle for, we think you should take a different approach—one that will make you impossible to compete with if carried out appropriately.
READ MORE

Have a project in mind?

Start with our free consultation for VA, DC and MD companies. We will provide a detailed proposal and firm quote based on your specific IT support needs. All at a predictable monthly cost per seat.
Free Consultation - Sign Up Here
About us
First Colum IT

The dedicated team at First Column IT focuses on furnishing complete technology solutions throughout the Virginia, Washington D.C., and Maryland area. We construct advanced cybersecurity, managed IT support, IT consulting, and compliance management solutions for those who depend on technology to provide exceptional service to their clients. We handle the complexities of technology so your business can thrive.

ADDRESS
8462 Virginia Meadows Dr
Manassas, VA 20109
PHONE
Existing Customers: (703) 880-6683New Customers: (571) 470-5594
SOCIAL
Support
Request SupportRequest A QuoteContact us

Copyright 2025 © First Column IT -  (Privacy)