The XLoader malware has been making the rounds in North America, Europe as well as East Asia for quite some time now, but a new version that recently came out might be even more dangerous than might have been the case otherwise. After it was discovered, researchers at McAfee noted that this malware was capable of launching itself without any interaction required from users, which is dangerous because of the fact that this is the sort of thing that could potentially end up allowing it to run undetected in the background.
With all of that having been said and now out of the way, it is important to note that malicious actors are trying to distribute this malware through SMS texts. These messages come with a link that is supposedly meant to give the recipient access to an Android APK installation file, but in spite of the fact that this is the case, its true purpose is to deliver the malware payload.
Created by the malicious actor named Roaming Mantis, this malware sends you a prompt asking to let you run the app in the background. The notification includes unicode strings that allow it to pose as well known apps such as Google Chrome, and if the user agrees, it can create an exception to the battery optimization feature on Android thereby enabling it to run permanently in secret with all things having been considered and taken into account.
Another aspect of the attack involves asking users to set this bogus app as their default SMS app. This is justified by the claim that doing so will reduce spam, but at the end of the day, it’s just a way to gain more control over the device and obtain as much private and personal data as possible.
The new version of the XLoader malware also continues the trend of sending hardcoded phishing messages that seemingly come from the user’s bank. They require the user to take action, but this only leads to their log in credentials ending up in the wrong hands which can result in tremendous financial losses down the line.
Photo: DIW - AIgen
Read next: Google Reveals Gemini Chatbot Stores Conversations Separately, Raises Security Questions
With all of that having been said and now out of the way, it is important to note that malicious actors are trying to distribute this malware through SMS texts. These messages come with a link that is supposedly meant to give the recipient access to an Android APK installation file, but in spite of the fact that this is the case, its true purpose is to deliver the malware payload.
Created by the malicious actor named Roaming Mantis, this malware sends you a prompt asking to let you run the app in the background. The notification includes unicode strings that allow it to pose as well known apps such as Google Chrome, and if the user agrees, it can create an exception to the battery optimization feature on Android thereby enabling it to run permanently in secret with all things having been considered and taken into account.
Another aspect of the attack involves asking users to set this bogus app as their default SMS app. This is justified by the claim that doing so will reduce spam, but at the end of the day, it’s just a way to gain more control over the device and obtain as much private and personal data as possible.
The new version of the XLoader malware also continues the trend of sending hardcoded phishing messages that seemingly come from the user’s bank. They require the user to take action, but this only leads to their log in credentials ending up in the wrong hands which can result in tremendous financial losses down the line.
Read next: Google Reveals Gemini Chatbot Stores Conversations Separately, Raises Security Questions
