The XLoader malware has a sneaky way of taking your data
Another day, another malware threat is trying to get your data.
Well, brace yourself, because there’s a virus that's been around for a while that's out there that’s gotten even worse.
It’s called XLoader, and it’s after your photos and texts on your Android device. Yes, you heard that right.
Your precious memories and messages are in danger of being snatched by this malicious software.
Android phone. (Kurt "CyberGuy" Knutsson)
What is malware?
Malware is technically any software that's designed to disrupt the system of its intended target. With malware, the person or entity behind the attack can gain access to your data, leak sensitive information, block you out and take control of other aspects of your privacy and security.
MORE: TIPS TO FOLLOW FROM ONE INCREDIBLY COSTLY CONVERSATION WITH CYBERCROOKS
What is the XLoader malware strain?
According to McAfee, the XLoader malware — also known as MoqHao — has been around since 2015, targeting Android users in the U.S., Europe and Asia. Once it's on your device (which it's gotten much better at doing), it's able to run in the background, taking your sensitive data, whether it be photos, text messages, contact lists, hardware details and more.
Hacker typing on a laptop. (Kurt "CyberGuy" Knutsson )
MORE: BEWARE OF NEW ANDROID MALWARE HIDING IN POPULAR APPS
How does XLoader get onto your device?
One of the reasons XLoader is such a major threat is because, unlike its previous strains and other malware, it can get on your device that much easier than before. Generally, malware gets onto your device via a phishing scam. However, because people are more skeptical about opening or clicking on suspicious files or links — and because there are integrated apps that help warn you of these files — it's more difficult for these traditional phishing scams to be effective, but XLoader has gotten clever.
First, you receive a text from an unknown sender
Like ordinary malware, XLoader often spreads through malicious links sent via text messages. This is a unique type of phishing scam known as "smishing." However, scammers are aware that most people don't click on texts from people they don't know. So, another way they attempt to be successful at this is by first gaining access to a phone number that has your number in their contacts, and they target you that way. You won't think twice when you receive a text from someone you know. Once it gets past this step, XLoader can get onto your Android device in two ways:
1: You click on the link which leads to downloading the APK file
Next, the unsuspecting victim would see a link in the text message. The link may look less suspicious than typical malware links because they are typically shortened and look less spammy and more legitimate, like a link that someone you know would send you.
A RANSOMWARE REALITY CHECK AS US IS A TOP TARGET OF ATTACKS
If you end up clicking on this link, it will direct you to download an Android APK file (standard file format for Android), which are files that are used to sideload apps outside the official Google Play Store. This method, therefore, bypasses Google's security measures and increases the risk of malware infections. It can happen in a matter of seconds, and if you click "install," then the XLoader malware will be on your phone before you know it.
Once the malicious APK is downloaded and installed, XLoader can launch on its own without any further action from the user, silently running in the background and performing its malicious activities.
2: You launch the app yourself, but fall for a Google Chrome decoy
If you decide you want to launch the app directly on your own, XLoader is already there waiting for you by impersonating Google Chrome. When you click "launch," the XLoader malware displays a very familiar-looking Chrome pop-up that will first ask you to grant it permissions by clicking "allow" or "deny." If you click "Allow" (thinking it'll lead you to the "app"), you'll be unknowingly giving it access to your SMS.
Afterward, it will even display a pop-up that says, "Choose Chrome to prevent spam," giving you two options — your default SMS app or Chrome. Because these decoy pop-ups replicate Google's style completely, it gives the user a false sense of security that it can be trusted.
Once it's there, it can grab your photos, texts and other sensitive data on your Android, most of the time, without you even realizing it.
Google Chrome decoy. (McAfee)
6 ways to protect your Android from XLoader and other malware
Now that you know what XLoader is and how it gets onto your Android device, be sure not to click on any links in text messages that are unusual. If the text came from someone in your contacts, reach out to them directly (via phone call or messaging on another app) and confirm that they meant to send you it before clicking on it. Here are some other ways to protect yourself from XLoader and other malware attempts.
1. Avoid sideloading apps and shortened URLs: Refrain from sideloading apps (installing apps from unofficial sources) and clicking on shortened URLs in messages, as these are common vectors for malware distribution.
2. Be careful granting permissions: Exercise caution when granting permissions to apps. The question is whether an app truly needs access to certain device functions or data.
3. Limit the apps you have on your phone: Sometimes, having a lot of apps on your phone can make it easy for you to be exposed to malware. These apps can let in malicious code over time, and the more apps you have to keep track of and update, the more likely your Android will be vulnerable.
4. Only download reputable apps: Additionally, when you download apps, make sure they are from reliable and legitimate developers. Check reviews and do some research before just hitting "install."
5. Don't neglect software updates: Your phone has a way of keeping itself safe with software and security updates. Don't forget to do them.
6. Have good antivirus software on all your devices: The best way to protect yourself from malware like this Xloader virus is to install antivirus protection on all your devices. Having antivirus software on your devices will make sure you are stopped from clicking on any potential malicious links that may install malware on your devices, allowing hackers to gain access to your personal information. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
Kurt's key takeaways
Malware is, unfortunately, inevitable. As we become more educated about how to prevent these threats, the hackers creating them are always working on ways to outsmart us, while the malware itself becomes more sophisticated. This new strain of XLoader is just one example of that. And, while it's currently focused on targeting Android users, it'll likely be just a matter of time before it begins targeting Macs and other devices.
The best way to protect yourself, therefore, is to stay up-to-date with the latest cybersecurity trends and ensure your devices have good antivirus protection. Additionally, continue best practices for protecting yourself from suspicious links and downloads.
How stressed are you these days with malware like XLoader or other types of viruses trying to steal your data? Should more be done to stop these crooks? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you'd like us to cover.
Answers to the most asked CyberGuy questions:
- What is the best way to protect your Mac, Windows, iPhone and Android devices from getting hacked?
- What is the best way to stay private, secure and anonymous while browsing the web?
- How can I get rid of robocalls with apps and data removal services?
Copyright 2024 CyberGuy.com. All rights reserved.
Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.