Welcome to the First Column IT Tech Blog

HomeBlog
New Variant of XLoader Malware Runs in the Background and Steals Your Photos, Texts, and Other Data

New Variant of XLoader Malware Runs in the Background and Steals Your Photos, Texts, and Other Data

February 28, 2024

If you’re in the know about cybersecurity and, specifically, mobile malware, you might have heard the name XLoader in the past. The malware has gone through considerable versions and variations, allowing it to steal information from users in more than seven countries, but the most recent is incredibly scary.

Android encompasses a significant portion of the smartphone operating system market share, and any attack that targets it should be taken seriously. Normally, an Android malware first needs to be opened by the user for it to work. You open the infected app or file, which then launches the malware. However, this new version of XLoader is a bit different in that it can launch automatically.

Unfortunately, this new variant of XLoader can run in the background, meaning that the app doesn’t even have to be opened for it to run and perform all of its nasty tricks. It can extract data from infected devices relatively easily, including photos, text messages, contact lists, hardware information, and so much more.

According to McAfee, which discovered the malware, the threat spreads by shortened URLs in malicious text messages. These shortened URLs are designed to make detection more difficult for the user. If the user opens the link on their device, they’ll be prompted to download the Android APK file, which is a way to sideload apps on a device without installing them through the Google Play Store. If users install the app, they’ll find themselves with an infected Android device.

To avoid detection, the app impersonates Google Chrome and asks the user for permissions like sending and viewing text messages and running in the background. It will also ask users to assign it as the default SMS app. Furthermore, XLoader can extract more phishing messages and malicious links from Pinterest profiles. It will send the links to the infected smartphone in an effort to stay undetected.

Here’s the crazy part: the threat can use hard-coded phishing messages to trick the user into clicking on malicious links with bogus allegations of bank fraud if it cannot access Pinterest for whatever reason. It’s a very intelligent threat that has evolved over time, and it must be taken seriously.

You can limit the amount of risk associated with mobile malware like XLoader by avoiding sideloading apps in the first place and limiting the number of apps you download from the app store. Furthermore, we always recommend that you make sure Google Play Protect is enabled on your device.

To make sure it’s on, open the Google Play Store app. At the top right, tap the profile icon. Tap Play Protect and then Settings. Ensure Scan apps with Play Protect is on.

Be sure to educate your users about this threat and all other types of mobile malware, and take measures now to protect your business by calling First Column IT at (571) 470-5594.

TAGS
Android
TAGS
Security
TAGS
Malware
Previous Post
July 30, 2024
Generational Technology in the Workplace
If you don’t consider your job in terms of the technology you use, you may be missing out on just how much it has evolved in a relatively short time. Many people of different ages work today, and in this month’s newsletter, we thought we’d take a look at how some people view and interact with their professional technology. 
READ MORE
July 26, 2024
Amazon Web Services Offers a Plethora of Solutions for SMBs
Cloud computing has allowed businesses to scale unlike any time before, all without breaking the budget. One such cloud provider is Amazon, and its Amazon Web Services platform allows businesses to manage their cloud computing needs. Today, we’re exploring some of the ways that AWS aids businesses with varied cloud computing needs.
READ MORE
July 25, 2024
Your Password Has Been Stolen. Period.
That’s not hyperbole. This isn’t some click-bait title to try to get you to care about cybersecurity. A password you use has certainly been stolen, and statistically, more than one of your passwords has likely been compromised.
READ MORE

Have a project in mind?

Start with our free consultation for VA, DC and MD companies. We will provide a detailed proposal and firm quote based on your specific IT support needs. All at a predictable monthly cost per seat.
Free Consultation - Sign Up Here
About us
First Colum IT

The dedicated team at First Column IT focuses on furnishing complete technology solutions throughout the Virginia, Washington D.C., and Maryland area. We construct advanced cybersecurity, managed IT support, IT consulting, and compliance management solutions for those who depend on technology to provide exceptional service to their clients. We handle the complexities of technology so your business can thrive.

ADDRESS
8462 Virginia Meadows Dr
Manassas, VA 20109
PHONE
Existing Customers: (703) 880-6683New Customers: (571) 200-4415
SOCIAL
Support
Request SupportRequeste A QuoteContact us

Copyright © First Column IT -  (Privacy)