Welcome to the First Column IT Tech Blog

HomeBlog
New Variant of XLoader Malware Runs in the Background and Steals Your Photos, Texts, and Other Data

New Variant of XLoader Malware Runs in the Background and Steals Your Photos, Texts, and Other Data

February 28, 2024

If you’re in the know about cybersecurity and, specifically, mobile malware, you might have heard the name XLoader in the past. The malware has gone through considerable versions and variations, allowing it to steal information from users in more than seven countries, but the most recent is incredibly scary.

Android encompasses a significant portion of the smartphone operating system market share, and any attack that targets it should be taken seriously. Normally, an Android malware first needs to be opened by the user for it to work. You open the infected app or file, which then launches the malware. However, this new version of XLoader is a bit different in that it can launch automatically.

Unfortunately, this new variant of XLoader can run in the background, meaning that the app doesn’t even have to be opened for it to run and perform all of its nasty tricks. It can extract data from infected devices relatively easily, including photos, text messages, contact lists, hardware information, and so much more.

According to McAfee, which discovered the malware, the threat spreads by shortened URLs in malicious text messages. These shortened URLs are designed to make detection more difficult for the user. If the user opens the link on their device, they’ll be prompted to download the Android APK file, which is a way to sideload apps on a device without installing them through the Google Play Store. If users install the app, they’ll find themselves with an infected Android device.

To avoid detection, the app impersonates Google Chrome and asks the user for permissions like sending and viewing text messages and running in the background. It will also ask users to assign it as the default SMS app. Furthermore, XLoader can extract more phishing messages and malicious links from Pinterest profiles. It will send the links to the infected smartphone in an effort to stay undetected.

Here’s the crazy part: the threat can use hard-coded phishing messages to trick the user into clicking on malicious links with bogus allegations of bank fraud if it cannot access Pinterest for whatever reason. It’s a very intelligent threat that has evolved over time, and it must be taken seriously.

You can limit the amount of risk associated with mobile malware like XLoader by avoiding sideloading apps in the first place and limiting the number of apps you download from the app store. Furthermore, we always recommend that you make sure Google Play Protect is enabled on your device.

To make sure it’s on, open the Google Play Store app. At the top right, tap the profile icon. Tap Play Protect and then Settings. Ensure Scan apps with Play Protect is on.

Be sure to educate your users about this threat and all other types of mobile malware, and take measures now to protect your business by calling First Column IT at (571) 470-5594.

Previous Post
September 6, 2024
Three Ways SMBs Combat Mobile Malware
Mobile malware might not have a lot of attention on it, but it can be a significant problem for organizations that rely on smartphones. This goes double for small businesses that typically don’t have the large teams and big budgets for their mobile strategies that include devices, data and phone plans, and security controls. Today, we’ll look at mobile malware and how an organization with a limited budget can keep it from impacting its business.
September 4, 2024
You Should Be Aware of These Two Productivity Pitfalls
Technology has empowered us to achieve more than ever, but with that progress comes increased expectations for everyone. This means greater productivity, and the pressure to perform can be relentless at times, making it crucial to find efficient ways to manage our tasks. Unfortunately, there is a natural limit to how much we can accomplish, and certain challenges can push us to that limit faster. Today, we want to explore two of the most common productivity pitfalls.
September 2, 2024
Cybersecurity Solutions for Remote and Hybrid Work
Remote work has been a mainstay in most businesses’ standard operating procedures in at least some capacity, but it opens up a nasty can of worms regarding cybersecurity. If cybersecurity is not your top priority, and you have remote or hybrid employees, we need to have a talk—and probably a hard one.

Have a project in mind?

Start with our free consultation for VA, DC and MD companies. We will provide a detailed proposal and firm quote based on your specific IT support needs. All at a predictable monthly cost per seat.
Free Consultation - Sign Up Here