New Android malware auto-executes itself to steal user data
A new strain of the XLoader malware, also known as MoqHao, is wreaking havoc on Android users by stealing their personal data and sending it to an overseas server. This malicious software has been detected in countries such as the United States, United Kingdom, Germany, France, Japan, South Korea, and Taiwan. It is distributed through SMS text messages containing a shortened URL link, which, when clicked, installs the malware onto the user's device.
Malicious app requests various permissions
This sneaky app disguises itself as Google Chrome and requests permissions to send and view SMS messages, run "Chrome" in the background, and make "Chrome" the default SMS app. Once these permissions are granted, the malware swipes photos, text messages, contact lists, and hardware information, including the phone's unique IMEI number. Cybersecurity company McAfee cautioned that this new version of XLoader is even more dangerous than its predecessor due to the minimal interaction needed from the victim.
Protection measures and precautions
Luckily, Android devices with Google Play Services are safeguarded from this type of malware by Google Play Protect, which is enabled by default. However, users should stay alert and avoid clicking on shortened URLs in messages or downloading apps from unknown sources. McAfee said it has informed Google about this technique, and the tech giant is working on implementing measures to prevent this kind of auto-execution in future Android versions.
