Beware of the xLoader malware on Android! Difficult to detect, it can steal personal information from your device in just a few minutes, without you even opening it. A simple link is enough!

To trap more and more victims, hackers strive to make their malware as undetectable as possible, both to users and to protection programs. If there is one piece of malware whose effectiveness is no longer in doubt, it is xLoader, also known as MoqHao in some countries. Active since 2015, it has appeared over the years in different variants, so much so that it can now attack Android devices as well as systems running macOS or Windows. It targets users in several countries around the world, including France, Germany, the United States and South Korea, stealing contacts, videos, photos, SMS messages and a large amount of other data stored directly on the devices it infects.

Normally, this malware requires the victim to launch the program for it to work. Unfortunately, researchers at McAfee discovered that it has now broken free of this final step, making it more dangerous than ever. The malware, which is difficult to detect, can infiltrate Android smartphones and steal the victim’s personal information in just a few minutes, without even needing to be opened. Yes, you read that correctly: the compromised application does not need to be opened for the hacking to begin…

Android xLoader: almost undetectable malware

The danger with xLoader is that it is not only spread through the installation of infected applications. Indeed, it is also distributed via shortened links, generally hidden behind messages from friends, unknown numbers or even tempting promotions. For example, it could be a seemingly legitimate text message from a delivery service saying you weren’t there to receive a package.

This message contains a shortened link and, if you are unfortunate enough to tap it, APK files immediately start downloading. In other words, the malware installs itself and compromises your device without you needing to open the downloaded application. And if you do open it, the malware impersonates the Chrome browser so that you grant it even more intrusive permissions. The vicious trick is that it uses a slightly distorted version of the Chrome name to deceive its prey, with a bold or italicized letter that can go unnoticed during a quick reading of the authorization request. Clever! It then hides behind icons resembling those of legitimate applications, which makes it difficult to spot, and therefore difficult to remove.
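
The distorted "Chrome" label described above can be caught by normalizing app names before comparing them. The following Python sketch is an added example, not code from McAfee or from the original article; the app inventory and the `com.example.constructed.*` package names are constructed, and the `TRUSTED` table is an assumption.

```python
import unicodedata

# Assumption: names we protect, mapped to the package that legitimately owns them.
TRUSTED = {"chrome": "com.android.chrome"}

def fold(label):
    """Reduce a display label to the plain form a hurried reader perceives."""
    # NFKC maps styled letters (mathematical bold/italic, fullwidth) to plain ones.
    folded = unicodedata.normalize("NFKC", label)
    # Drop invisible format characters (category Cf), e.g. zero-width space.
    folded = "".join(c for c in folded if unicodedata.category(c) != "Cf")
    return folded.casefold().strip()

def odd_chars(label):
    """Name every non-ASCII code point so an analyst sees what was substituted."""
    return [f"U+{ord(c):04X} {unicodedata.name(c, 'UNNAMED')}"
            for c in label if ord(c) > 127]

def find_impersonators(apps, trusted=TRUSTED):
    """Return (package, label, odd_chars) for apps that borrow a protected name."""
    findings = []
    for label, package in apps:
        owner = trusted.get(fold(label))
        if owner is None:
            continue  # label does not resemble a protected name
        if package != owner:
            findings.append((package, label, odd_chars(label)))
    return findings

# Constructed inventory of (display label, package name) pairs.
SAMPLE_APPS = [
    ("Chrome", "com.android.chrome"),                   # genuine browser
    ("Ch\U0001D42Bome", "com.example.constructed.a"),   # bold "r"
    ("Chr\U0001D45Cme", "com.example.constructed.b"),   # italic "o"
    ("Chrome\u200b", "com.example.constructed.c"),      # trailing zero-width space
    ("Maps", "com.google.android.apps.maps"),           # unrelated app
]

if __name__ == "__main__":
    for package, label, chars in find_impersonators(SAMPLE_APPS):
        print(f"{package}: label {label!r} imitates a protected name; {chars}")
```

NFKC folding covers styled letters such as the bold and italic variants mentioned above; look-alike letters from other scripts (for example Cyrillic) do not fold this way and need a separate confusables table.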

To avoid falling victim to xLoader, do not open links from unknown or suspicious sources. If you receive a message containing a link, double-check with the sender that everything is legitimate before opening it. Be particularly wary of overly attractive promotions or messages imitating those of official organizations, as these are often phishing attempts. Of course, be careful about the applications you download, including from the Play Store, which, despite Google’s best efforts, contains many corrupted apps. For its part, the internet giant is considering adding additional regulations for APK downloads to combat malicious content. Soon, installation will also refuse to start if the APK does not meet the operating system's requirements. Finally, keep an antivirus running in the background to check that no malicious behavior is taking place.