Beware of a new Android threat targeting your photos and texts without even opening them

Another day, another malware threat is trying to get your data. Well, brace yourself, because there’s a virus that’s been around for a while that’s out there that’s gotten even worse. It’s called XLoader, and it’s after your photos and texts on your Android device. Yes, you heard that right. Your precious memories and messages are in danger of being snatched by this malicious software.

 

What is malware?

Malware is technically any software that’s designed to disrupt the system of its intended target. With malware, the person or entity behind the attack can gain access to your data, leak sensitive information, block you out, and take control of other aspects of your privacy and security.

 

MORE: TIPS TO FOLLOW FROM ONE INCREDIBLY COSTLY CONVERSATION WITH CYBERCROOKS

 

What is the XLoader malware strain?

According to McAfee, the XLoader malware — also known as MoqHao — has been around since 2015, targeting Android users in the U.S., Europe, and Asia. Once it’s on your device (which it’s gotten much better at doing), it’s able to run in the background, taking your sensitive data, whether it be photos, text messages, contact lists, hardware details, and more.

 

MORE: BEWARE OF NEW ANDROID MALWARE HIDING IN POPULAR APPS

 

How does XLoader get onto your device?

One of the reasons XLoader is such a major threat is because unlike its previous strains and other malware, it can get on your device that much easier than before. Generally, malware gets onto your device via a phishing scam. However, because people are more skeptical about opening or clicking on suspicious files or links — and because there are integrated apps that help warn you of these files — it’s more difficult for these traditional phishing scams to be effective, but XLoader has gotten clever.

 

First, you receive a text from an unknown sender

Like ordinary malware, XLoader often spreads through malicious links sent via text messages. This is a unique type of phishing scam known as “smishing.” But, scammers are aware that most people don’t click on texts from people they don’t know. So, another way they attempt to be successful at this is by first gaining access to a phone number that has your number in their contacts, and they target you that way. You won’t think twice when you receive a text from someone you know. Once it gets past this step, XLoader can get onto your Android device in two ways:

 

#1: You click on the link which leads to downloading the APK file

Next, the unsuspecting victim would see a link in the text message. The link may look less suspicious than typical malware links because they are typically shortened and look less spammy and more legitimate, like a link that someone you know would send you.

If you end up clicking on this link, it will direct you to download an Android APK file (standard file format for Android), which are files that are used to sideload apps outside the official Google Play Store. This method, therefore, bypasses Google’s security measures and increases the risk of malware infections. It can happen in a matter of seconds, and if you click “install,” then the XLoader malware will be on your phone before you know it.

Once the malicious APK is downloaded and installed, XLoader can launch on its own without any further action from the user, silently running in the background and performing its malicious activities.

 

#2: You launch the app yourself, but fall for a Google Chrome decoy

If you decide you want to launch the app directly on your own, XLoader is already there waiting for you by impersonating Google Chrome. When you click “launch”, the XLoader malware displays a very familiar-looking Chrome pop-up that will first ask you to grant it permissions by clicking “allow” or “deny”. If you click “Allow” (thinking it’ll lead you to the “app”), you’ll be unknowingly giving it access to your SMS.

Afterward, it will even display a pop-up that says, “Choose Chrome to prevent spam,” giving you two options — your default SMS app or Chrome. Because these decoy pop-ups replicate Google’s style completely, it gives the user a false sense of security that it can be trusted.

Once it’s there, it can grab your photos, texts, and other sensitive data on your Android, most of the time, without you even realizing it.

Credit: McAfee

 

How do I know if XLoader is already on my device?

XLoader, also known as MoqHao, is a type of malware that primarily targets Android devices. It’s typically not visible in your apps list and can often go undetected.  Here’s what you need to know:

Invisibility: XLoader is designed to be stealthy and can run in the background without being noticed. It’s not typically visible in your apps list.

Distribution: XLoader is mainly distributed via shortened URL links in text messages. When clicked, these links redirect you to a website to download an Android APK installation file for a mobile app.

Data Theft: Once installed, XLoader can steal your sensitive data, including photos, text messages, contact lists, and hardware details.

Detection: Detecting XLoader can be challenging without the help of antivirus software. Antivirus apps can scan your device for known malware signatures and behaviors, helping to identify and remove threats like XLoader.

Special for CyberGuy Readers:  My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.  

Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices

Removal: If XLoader is detected on your device, an antivirus app can often remove it. However, in some cases, you may need to perform a factory reset on your device to completely remove the malware.

Prevention: To prevent infection, avoid sideloading apps or opening short URLs in text messages. Be cautious while giving permissions to the apps you install.

 

6 ways to protect your Android from XLoader and other malware

Now that you know what XLoader is and how it gets onto your Android device, be sure not to click on any links in text messages that are unusual. If the text came from someone in your contacts, reach out to them directly (via phone call or messaging on another app) and confirm that they meant to send you it, before clicking on it. Here are some other ways to protect yourself from XLoader and other malware attempts.

1) Avoid sideloading apps and shortened URLs: Refrain from sideloading apps (installing apps from unofficial sources) and clicking on shortened URLs in messages, as these are common vectors for malware distribution.

2) Be careful granting permissions: Exercise caution when granting permissions to apps. The question is whether an app truly needs access to certain device functions or data.

3) Limit the apps you have on your phone: Sometimes, having a lot of apps on your phone can make it easy for you to be exposed to malware. These apps can let in malicious code over time, and the more apps you have to keep track of and update, the more likely your Android will be vulnerable.

4) Only download reputable apps: Additionally, when you download apps, make sure they are from reliable and legitimate developers. Check reviews and do some research before just hitting “install.”

5) Don’t neglect software updates: Your phone has a way of keeping itself safe with software and security updates. Don’t forget to do them.

6) Have good antivirus software on all your devices: The best way to protect yourself from malware like this Xloader virus is to install antivirus protection on all your devices. Having antivirus software on your devices will make sure you are stopped from clicking on any potential malicious links that may install malware on your devices, allowing hackers to gain access to your personal information.

Special for CyberGuy Readers:  My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.  

Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices

Best Antivirus Protection 2024

 

 

Kurt’s key takeaways

Malware is, unfortunately, inevitable. As we become more educated about how to prevent these threats, the hackers creating them are always working on ways to outsmart us, while the malware itself becomes more sophisticated. This new strain of XLoader is just one example of that. And, while it’s currently focused on targeting Android users, it’ll likely be just a matter of time before it begins targeting Macs and other devices.

The best way to protect yourself, therefore, is to stay up-to-date with the latest cybersecurity trends and ensure your devices have good antivirus protection. Additionally, continue best practices for protecting yourself from suspicious links and downloads.

How stressed are you these days with malware like XLoader or other types of viruses trying to steal your data?  Should more be done to stop these crooks? Let us know in the comments below. 

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

 

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

Related posts

Massive data breach at federal credit union exposes 240,000 members

Here are 10 reasons you need a VPN at home

Unbeatable Holiday deals extended