Welcome to the First Column IT Tech Blog

HomeBlog
New Variant of XLoader Malware Runs in the Background and Steals Your Photos, Texts, and Other Data

New Variant of XLoader Malware Runs in the Background and Steals Your Photos, Texts, and Other Data

February 28, 2024

If you’re in the know about cybersecurity and, specifically, mobile malware, you might have heard the name XLoader in the past. The malware has gone through considerable versions and variations, allowing it to steal information from users in more than seven countries, but the most recent is incredibly scary.

Android encompasses a significant portion of the smartphone operating system market share, and any attack that targets it should be taken seriously. Normally, an Android malware first needs to be opened by the user for it to work. You open the infected app or file, which then launches the malware. However, this new version of XLoader is a bit different in that it can launch automatically.

Unfortunately, this new variant of XLoader can run in the background, meaning that the app doesn’t even have to be opened for it to run and perform all of its nasty tricks. It can extract data from infected devices relatively easily, including photos, text messages, contact lists, hardware information, and so much more.

According to McAfee, which discovered the malware, the threat spreads by shortened URLs in malicious text messages. These shortened URLs are designed to make detection more difficult for the user. If the user opens the link on their device, they’ll be prompted to download the Android APK file, which is a way to sideload apps on a device without installing them through the Google Play Store. If users install the app, they’ll find themselves with an infected Android device.

To avoid detection, the app impersonates Google Chrome and asks the user for permissions like sending and viewing text messages and running in the background. It will also ask users to assign it as the default SMS app. Furthermore, XLoader can extract more phishing messages and malicious links from Pinterest profiles. It will send the links to the infected smartphone in an effort to stay undetected.

Here’s the crazy part: the threat can use hard-coded phishing messages to trick the user into clicking on malicious links with bogus allegations of bank fraud if it cannot access Pinterest for whatever reason. It’s a very intelligent threat that has evolved over time, and it must be taken seriously.

You can limit the amount of risk associated with mobile malware like XLoader by avoiding sideloading apps in the first place and limiting the number of apps you download from the app store. Furthermore, we always recommend that you make sure Google Play Protect is enabled on your device.

To make sure it’s on, open the Google Play Store app. At the top right, tap the profile icon. Tap Play Protect and then Settings. Ensure Scan apps with Play Protect is on.

Be sure to educate your users about this threat and all other types of mobile malware, and take measures now to protect your business by calling First Column IT at (571) 470-5594.

TAGS
Android
TAGS
Security
TAGS
Malware
Previous Post
August 22, 2025
The IT Safety Lecture
The more IT you use, the more conscientious you have to be to ensure that an action you—or your staff—takes doesn’t unwittingly put your business at risk. Today, we’ll go through some ways for you to do your best to stay secure. Let’s get started.
READ MORE
August 21, 2025
Best Practices to Deal with Your Tech Troubles
Navigating the unpredictable waters of business technology can feel like that game you’d find in an old arcade: Whack-a-mole. One moment, everything's running smoothly, and the next, your critical systems are down, leaving you in a bind. This month, we wanted to talk about how your reaction to problems can go a long way toward determining the end result of your experiences. 
READ MORE
August 20, 2025
The End of Busywork: How to Streamline Your Business Operations
The day-to-day work of running a business can feel overwhelming. With overflowing inboxes, endless to-do lists, and scattered information, it's easy to get lost in the details. With the right tools, however, you can turn those tedious tasks into streamlined workflows, giving you and your team more time and clarity. This month, let's explore some of the technology that can help take the stress out of your daily grind.
READ MORE

Have a project in mind?

Start with our free consultation for VA, DC and MD companies. We will provide a detailed proposal and firm quote based on your specific IT support needs. All at a predictable monthly cost per seat.
Free Consultation - Sign Up Here
About us
First Colum IT

The dedicated team at First Column IT focuses on furnishing complete technology solutions throughout the Virginia, Washington D.C., and Maryland area. We construct advanced cybersecurity, managed IT support, IT consulting, and compliance management solutions for those who depend on technology to provide exceptional service to their clients. We handle the complexities of technology so your business can thrive.

ADDRESS
8462 Virginia Meadows Dr
Manassas, VA 20109
PHONE
Existing Customers: (703) 880-6683New Customers: (571) 470-5594
SOCIAL
Support
Request SupportRequest A QuoteContact us

Copyright 2025 © First Column IT -  (Privacy)