Malicious apps are a constant threat to mobile devices, especially on Android, where users can easily install software from any location they want. According to Bleeping Computer, a new version of the XLoader malware (also known as MoqHao) is attacking devices running Google's operating system.
The malware executes itself after impersonating Google Chrome to ask the user for access permissions.
MoqHao has been detected in the US, UK, Germany, France, Japan, South Korea and Taiwan. The malware is spread via SMS messages containing a shortened link to another address. When users click on it and install the program, XLoader is immediately activated. The malware is capable of running in the background, stealing many types of user data without being detected by the system or the victim.
According to McAfee, when the malicious application is installed on the device, suspicious activities will be carried out automatically. The security company has reported the program's propagation and attack methods to Google, coordinating to prevent and reduce the damage of this type of self-executing malware on future versions of Android.
To trick users, the program displays a notification that impersonates the Google Chrome browser and requests permission to send and view SMS messages, as well as the right to run in the background.
The permission request comes from a fake "Chrome" whose name is written with misspelled characters, to evade security systems that scan for copyright violations.
It even asks for permission to make "Chrome" the default SMS messaging app on the device. Once the user agrees, XLoader steals photos, messages, contacts and a lot of information about the device's hardware and sends them to a remote control server.
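The lure described above (a look-alike "Chrome" label combined with SMS access and the default SMS role) can be triaged from an app inventory. The following is an added example, not code from the article, McAfee or Google; the record schema, the homoglyph table, the permission list and the use of `com.android.chrome` as the genuine package name are assumptions, and the inventory is constructed.

```python
import unicodedata

# Assumption (not from the article): genuine Chrome ships as com.android.chrome.
GENUINE = {"chrome": "com.android.chrome"}
# Constructed, partial table of Cyrillic/Greek look-alikes for Latin letters.
HOMOGLYPHS = str.maketrans({"\u0441": "c", "\u04bb": "h", "\u043e": "o",
                            "\u0435": "e", "\u03bf": "o"})
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.SEND_SMS",
             "android.permission.RECEIVE_SMS"}

def skeleton(label):
    """Fold a display label: drop accents and invisible chars, map homoglyphs."""
    text = unicodedata.normalize("NFKD", label).casefold()
    kept = [ch for ch in text
            if not unicodedata.combining(ch) and unicodedata.category(ch) != "Cf"]
    return "".join(kept).translate(HOMOGLYPHS).strip()

def edit_distance(a, b):
    """Levenshtein distance, so one-letter misspellings still match."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review(app):
    """Return findings for one installed-app record (hypothetical schema)."""
    findings = [f"label imitates {brand}" for brand, package in GENUINE.items()
                if app["package"] != package
                and edit_distance(skeleton(app["label"]), brand) <= 1]
    if findings and SMS_PERMS & set(app["permissions"]):
        findings.append("holds SMS permissions")
    if findings and app.get("default_sms"):
        findings.append("is default SMS app")
    return findings

# Constructed inventory; package names other than Chrome's are placeholders.
INVENTORY = [
    {"label": "Chrome", "package": "com.android.chrome", "permissions": []},
    {"label": "\u0421hr\u043eme", "package": "com.example.placeholder",
     "permissions": ["android.permission.READ_SMS"], "default_sms": True},
    {"label": "Chrone", "package": "com.example.other", "permissions": []},
    {"label": "Messages", "package": "com.example.sms",
     "permissions": ["android.permission.READ_SMS"], "default_sms": True},
]

if __name__ == "__main__":
    for app in INVENTORY:
        print(app["package"], review(app))
```

The one-edit tolerance also flags legitimately similar names, so treat a bare "label imitates" finding as a prompt for manual review and the combined findings as the high-priority case.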
Security experts estimate that only a few minimal interactions are needed for the victim to grant permission to execute the operation, making the new XLoader much more dangerous than its predecessors. The Android publisher has coordinated with the security company to handle the vulnerability, helping devices with Google Play Protect enabled to be safer from attacks. They therefore recommend that users not click on strange links sent to their phones and never install applications from unknown addresses.