Welcome to the First Column IT Tech Blog

HomeBlog
New Variant of XLoader Malware Runs in the Background and Steals Your Photos, Texts, and Other Data

New Variant of XLoader Malware Runs in the Background and Steals Your Photos, Texts, and Other Data

February 28, 2024

If you’re in the know about cybersecurity and, specifically, mobile malware, you might have heard the name XLoader in the past. The malware has gone through considerable versions and variations, allowing it to steal information from users in more than seven countries, but the most recent is incredibly scary.

Android encompasses a significant portion of the smartphone operating system market share, and any attack that targets it should be taken seriously. Normally, an Android malware first needs to be opened by the user for it to work. You open the infected app or file, which then launches the malware. However, this new version of XLoader is a bit different in that it can launch automatically.

Unfortunately, this new variant of XLoader can run in the background, meaning that the app doesn’t even have to be opened for it to run and perform all of its nasty tricks. It can extract data from infected devices relatively easily, including photos, text messages, contact lists, hardware information, and so much more.

According to McAfee, which discovered the malware, the threat spreads by shortened URLs in malicious text messages. These shortened URLs are designed to make detection more difficult for the user. If the user opens the link on their device, they’ll be prompted to download the Android APK file, which is a way to sideload apps on a device without installing them through the Google Play Store. If users install the app, they’ll find themselves with an infected Android device.

To avoid detection, the app impersonates Google Chrome and asks the user for permissions like sending and viewing text messages and running in the background. It will also ask users to assign it as the default SMS app. Furthermore, XLoader can extract more phishing messages and malicious links from Pinterest profiles. It will send the links to the infected smartphone in an effort to stay undetected.

Here’s the crazy part: the threat can use hard-coded phishing messages to trick the user into clicking on malicious links with bogus allegations of bank fraud if it cannot access Pinterest for whatever reason. It’s a very intelligent threat that has evolved over time, and it must be taken seriously.

You can limit the amount of risk associated with mobile malware like XLoader by avoiding sideloading apps in the first place and limiting the number of apps you download from the app store. Furthermore, we always recommend that you make sure Google Play Protect is enabled on your device.

To make sure it’s on, open the Google Play Store app. At the top right, tap the profile icon. Tap Play Protect and then Settings. Ensure Scan apps with Play Protect is on.

Be sure to educate your users about this threat and all other types of mobile malware, and take measures now to protect your business by calling First Column IT at (571) 470-5594.

TAGS
Android
TAGS
Security
TAGS
Malware
Previous Post
September 23, 2025
4 Ways Technology Helps Pinpoint and Solve Inefficiencies
Inefficiency is a common and frustrating problem for many businesses, but it doesn't have to be. Modern technology offers powerful solutions to help you identify and eliminate these productivity problems. By finding the right technology, you can transform how your business operates and achieve a higher level of performance. Here are four effective ways to use technology to find and fix inefficiencies within your organization.
READ MORE
September 20, 2025
The Hidden Dangers of Vendor Data Access
Every business relies on vendors for a lot: software, services, you name it. They’re a huge part of our businesses’ ability to meet the market’s demands. The way business is done today, in order for them to do their job, they often need access to our data; but, just like you wouldn’t hand over your house keys to a stranger, you shouldn’t just hand over the keys to your data to every vendor without a second thought. When you give vendors broad, indiscriminate access, you're opening the door to some seriously bad situations.
READ MORE
September 18, 2025
The Power of Your Pocket Office
Smartphones have evolved from simple communication devices into powerful, portable command centers that are fundamentally changing the way businesses operate. In today’s fast-paced, mobile-first world, they are no longer a luxury but a critical tool for success.
READ MORE

Have a project in mind?

Start with our free consultation for VA, DC and MD companies. We will provide a detailed proposal and firm quote based on your specific IT support needs. All at a predictable monthly cost per seat.
Free Consultation - Sign Up Here
About us
First Colum IT

The dedicated team at First Column IT focuses on furnishing complete technology solutions throughout the Virginia, Washington D.C., and Maryland area. We construct advanced cybersecurity, managed IT support, IT consulting, and compliance management solutions for those who depend on technology to provide exceptional service to their clients. We handle the complexities of technology so your business can thrive.

ADDRESS
8462 Virginia Meadows Dr
Manassas, VA 20109
PHONE
Existing Customers: (703) 880-6683New Customers: (571) 470-5594
SOCIAL
Support
Request SupportRequest A QuoteContact us

Copyright 2025 © First Column IT -  (Privacy)