Dresner Group Blog

Our technology blogs feature IT tips and best practices for businesses in Columbia, Baltimore, Bel Air and in and about Maryland since 2002.

XLoader Android Malware Runs in the Background and Steals Your Data

XLoader Android Malware Runs in the Background and Steals Your Data

Mobile malware isn’t common, but it’s growing increasingly more so. You may have heard of a malware called XLoader, which has been used to victimize people in over seven countries. This mobile threat has seen various iterations over the past several years, but you should be especially concerned these days.

This threat targets Android devices, and since Android makes up a significant portion of the smartphone market share, there is no shortage of victims to be had. Android malware typically works when the file is opened by the user, and it cannot run in the background until it has been. However, XLoader is a bit different and—admittedly—scarier in how it operates. 

It can actually launch itself automatically, which is a major problem.

Not only can it launch itself automatically under the right circumstances, but it can also run in the background, allowing it to do all kinds of malicious things. XLoader can extract data from any infected device. Some of this data includes potentially sensitive files such as photos, text messages, contact lists, hardware information, and so on.

The threat was first discovered by security company McAfee, which reported that the threat spreads through shortened URLs in phishing text messages. The user has a harder time identifying potentially malicious URLs when it’s condensed into a shortened one, and when the user clicks on the link, they are taken to a download for an Android APK file. These files are typically used to sideload an app without downloading them directly from the Play Store. When users install the app, they infect their Android device with the threat.

To keep itself hidden from the user, the app will impersonate Google Chrome and request permissions that it does not need, like accessing text messages and running in the background. The user will then assign it to be the default SMS app, further enabling its debauchery. XLoader can extract even more phishing messages and malicious links from Pinterest profiles, sending the links to the infected smartphone so that it can remain undetected.

The wild part of this is that the threat uses hard-coded phishing messages to trick the user into clicking on malicious links under the guise of bogus allegations of bank fraud. It only resorts to this if it cannot access Pinterest, however, but the fact that it has a failsafe makes this threat very sophisticated.

A good way to limit your exposure to potential mobile threats like XLoader is to exclusively download reputable apps from the app store and avoid sideloading whenever possible. You should also enable Google Play Protect if it’s not already enabled.

To make sure it’s on, open the Google Play Store app. At the top right, tap the profile icon. Tap Play Protect and then Settings. Ensure Scan apps with Play Protect is on.

For more updates on the latest threats and vulnerabilities, be sure to keep an eye on our blog.

Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

3 IT Metrics to Pay Attention To
Did You Know? Big Tech Companies Don’t Care About ...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Sunday, 14 April 2024

Captcha Image

Client Service Login

Latest News & Events

Columbia, MD - Dresner Group is proud to announce its sponsorship of the upcoming ABC Joint Tech Summit, a premier event hosted by the four local chapters of the Associated Builders and Contractors (ABC). The summit, spanning two days, will be held o...

Contact Us

Learn more about what Dresner Group can do for your business.

Copyright Dresner Group. All Rights Reserved.