NIXsolutions: McAfee Discovers Enhanced XLoader Android Virus

Cybersecurity experts at McAfee recently uncovered a more perilous version of the Android virus XLoader. This new variant exhibits the ability to autonomously launch on infected devices without requiring any user interaction.


XLoader’s Malicious History:

The XLoader malware family, also known as MoqHao, dates back to 2015 and is attributed to the hacker group Roaming Mantis. Device infections have been documented in various countries, including France, Germany, Japan, Korea, Taiwan, the UK, and the USA.

Innovative Tactics and Risks:

The latest modification of the virus is distributed through text messages containing a link to download the malware. Unlike previous versions, the new iteration needs only to be installed on the device to start operating discreetly in the background. Disguised as Google Chrome, the application requests several permissions, including a request to become the default messaging app, presented as a way to combat spam.

Upon gaining permissions, XLoader initiates deceptive applications, presenting false issues like bank account troubles to manipulate users into clicking malicious links. Moreover, the virus can remotely execute about 20 commands, including sending photos and messages to the attackers’ server, communicating with contacts, and downloading additional malicious programs, adds NIXsolutions.
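A defender-side triage for the disguise described above, as an added example that is not from McAfee or NIXsolutions: it flags apps whose label imitates Chrome while the package is not one of Google's Chrome packages, corroborated by SMS permissions, the default SMS role, or a non-Play installer. The inventory record format, the `rec` helper and the sample entries are constructed assumptions; the Chrome package names, SMS permission names and Play installer name are real Android identifiers.

```python
import unicodedata

# Real identifiers: Google's Chrome packages, the Play installer, SMS permissions.
GENUINE_CHROME = {"com.android.chrome", "com.chrome.beta",
                  "com.chrome.dev", "com.chrome.canary"}
PLAY_STORE = "com.android.vending"
SMS_PERMISSIONS = {"android.permission.READ_SMS", "android.permission.SEND_SMS",
                   "android.permission.RECEIVE_SMS"}

def findings(app):
    """Return the reasons one inventory record matches the Chrome disguise."""
    # NFKC folds compatibility look-alikes (e.g. full-width letters) to ASCII.
    label = unicodedata.normalize("NFKC", app["label"]).casefold()
    if "chrome" not in label or app["package"] in GENUINE_CHROME:
        return []
    reasons = []
    sms = sorted(SMS_PERMISSIONS & set(app["permissions"]))
    if sms:
        reasons.append("requests " + ", ".join(p.rsplit(".", 1)[1] for p in sms))
    if app["default_sms"]:
        reasons.append("holds the default SMS app role")
    if app["installer"] != PLAY_STORE:
        reasons.append("not installed from Google Play")
    # A Chrome-like label alone is weak evidence; require a corroborating signal.
    head = f"label imitates Chrome but package is {app['package']}"
    return [head] + reasons if reasons else []

def triage(inventory):
    """Map package name -> reasons for every record that is flagged."""
    return {a["package"]: r for a in inventory if (r := findings(a))}

def rec(label, package, installer, permissions=(), default_sms=False):
    """Build one record in the assumed (hypothetical) inventory format."""
    return {"label": label, "package": package, "installer": installer,
            "permissions": list(permissions), "default_sms": default_sms}

# Constructed sample inventory; the com.example.* packages are placeholders.
SAMPLE = [
    rec("Chrome", "com.android.chrome", PLAY_STORE),
    rec("Messages", "com.example.sms", PLAY_STORE, SMS_PERMISSIONS, True),
    rec("Themes for Chrome", "com.example.themes", PLAY_STORE),
    rec("Chrome", "com.example.lookalike", None,
        ["android.permission.READ_SMS", "android.permission.SEND_SMS"], True),
]

if __name__ == "__main__":
    for package, reasons in triage(SAMPLE).items():
        print(package, *reasons, sep="\n  - ")
```

Only the sideloaded look-alike is reported; the genuine browser, the legitimate SMS app and the Play-installed app that merely mentions Chrome in its label are not.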

Security Measures and Future Protections:

Devices equipped with active Google Play Protect (verifiable on Google Play) are deemed immune to the new virus, according to experts. Furthermore, Google is actively developing safeguards against XLoader in the forthcoming Android version.