fbpx
Blog

JensenIT Blog

JensenIT has been serving the Illinois area since 1991, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

XLoader Android Malware Runs in the Background and Steals Your Data

XLoader Android Malware Runs in the Background and Steals Your Data

Mobile malware isn’t common, but it’s growing increasingly more so. You may have heard of a malware called XLoader, which has been used to victimize people in over seven countries. This mobile threat has seen various iterations over the past several years, but you should be especially concerned these days.

This threat targets Android devices, and since Android makes up a significant portion of the smartphone market share, there is no shortage of victims to be had. Android malware typically works when the file is opened by the user, and it cannot run in the background until it has been. However, XLoader is a bit different and—admittedly—scarier in how it operates. 

It can actually launch itself automatically, which is a major problem.

Not only can it launch itself automatically under the right circumstances, but it can also run in the background, allowing it to do all kinds of malicious things. XLoader can extract data from any infected device. Some of this data includes potentially sensitive files such as photos, text messages, contact lists, hardware information, and so on.

The threat was first discovered by security company McAfee, which reported that the threat spreads through shortened URLs in phishing text messages. The user has a harder time identifying potentially malicious URLs when it’s condensed into a shortened one, and when the user clicks on the link, they are taken to a download for an Android APK file. These files are typically used to sideload an app without downloading them directly from the Play Store. When users install the app, they infect their Android device with the threat.

To keep itself hidden from the user, the app will impersonate Google Chrome and request permissions that it does not need, like accessing text messages and running in the background. The user will then assign it to be the default SMS app, further enabling its debauchery. XLoader can extract even more phishing messages and malicious links from Pinterest profiles, sending the links to the infected smartphone so that it can remain undetected.

The wild part of this is that the threat uses hard-coded phishing messages to trick the user into clicking on malicious links under the guise of bogus allegations of bank fraud. It only resorts to this if it cannot access Pinterest, however, but the fact that it has a failsafe makes this threat very sophisticated.

A good way to limit your exposure to potential mobile threats like XLoader is to exclusively download reputable apps from the app store and avoid sideloading whenever possible. You should also enable Google Play Protect if it’s not already enabled.

To make sure it’s on, open the Google Play Store app. At the top right, tap the profile icon. Tap Play Protect and then Settings. Ensure Scan apps with Play Protect is on.

For more updates on the latest threats and vulnerabilities, be sure to keep an eye on our blog.

3 IT Metrics to Pay Attention To
Did You Know? Big Tech Companies Don’t Care About ...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Sunday, November 24, 2024

Captcha Image

Customer Login


Latest Blog

Spoiler alert: a business that lacks productivity is unlikely to see any amount of success. One of the best ways to ensure your productivity is to practice patience. How can patience improve your productivity?

Contact Us

Learn more about what JensenIT can do for your business.

JensenIT
1689 Elk Blvd
Des Plaines, Illinois 60016

Sign up for our Newsletter!

Hey! Before you go, subscribe to our newsletter for IT tech tips and advice!