Security researchers have discovered new Android malware that does not require user interaction to launch. However, it still needs the victim’s approval to become fully operational and carry out its intended purpose.
Cybersecurity researchers from McAfee have announced that they observed a new version of XLoader, a known Android malware variant that has been used in the past to steal sensitive user information from victims in the United States, United Kingdom, Germany, France, Japan, South Korea, and Taiwan. The new variant is distributed in the same way as previous ones: through SMS messages containing shortened URLs that lead to websites hosting malicious .APK files.
The important difference comes after installation: victims do not need to launch the new variant, because it starts automatically and stealthily. Google has been alerted and is working on a fix, McAfee said, adding that “malicious activity begins automatically while the app is installed.” McAfee also said: “We have already reported this technique to Google, and Google is already working on implementing mitigations to prevent this type of automatic execution in future versions of Android.”
Ask permission
However, simply running is not enough, as the app still needs significant permissions before it can start stealing data. To trick victims into granting them, the malware is given the name Chrome, but the name is written with Unicode strings, which makes the font look slightly different. That should be enough of a red flag. If the victim does not notice it, the app requests permission to send and access SMS content, and to always run in the background.
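As an added illustration (not code from McAfee or the original article), a defender reviewing an inventory of installed apps could flag both signals described above: a display label that reduces to "Chrome" without being the genuine package, and requests for SMS and background-execution permissions. The look-alike table, the sample inventory, and the mapping of "always run in the background" to `REQUEST_IGNORE_BATTERY_OPTIMIZATIONS` are assumptions.

```python
import unicodedata

# Constructed, partial look-alike map (Cyrillic/Greek -> Latin); not from the article.
CONFUSABLES = {"\u0441": "c", "\u04bb": "h", "\u043e": "o", "\u0435": "e",
               "\u03bf": "o", "\u03f2": "c"}
# Brand label -> genuine package name (Chrome's real package id).
PROTECTED = {"chrome": "com.android.chrome"}
# Assumed mapping of the article's permissions onto Android manifest names.
SMS_PERMS = {"android.permission.SEND_SMS", "android.permission.READ_SMS"}
BACKGROUND_PERM = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"

def skeleton(label):
    """Reduce a display label to a comparable lowercase Latin form."""
    out = []
    for ch in unicodedata.normalize("NFKD", label):
        # Drop zero-width/format characters and combining marks.
        if unicodedata.category(ch) in ("Cf", "Mn"):
            continue
        ch = ch.casefold()
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out).strip()

def triage(app):
    """Return a list of findings for one app record (label, package, permissions)."""
    findings = []
    brand = skeleton(app["label"])
    if brand in PROTECTED and app["package"] != PROTECTED[brand]:
        kind = "ascii" if app["label"].isascii() else "unicode look-alike"
        findings.append(f"label imitates '{brand}' ({kind})")
    perms = set(app["permissions"])
    if perms & SMS_PERMS:
        findings.append("requests SMS access")
    if BACKGROUND_PERM in perms:
        findings.append("requests background exemption")
    return findings

# Constructed sample inventory; the first package name is a placeholder.
APPS = [
    {"label": "Chr\u043em\u0435", "package": "com.example.placeholder",
     "permissions": ["android.permission.SEND_SMS", "android.permission.READ_SMS",
                     BACKGROUND_PERM]},
    {"label": "Chrome", "package": "com.android.chrome", "permissions": []},
]

if __name__ == "__main__":
    for app in APPS:
        print(app["package"], triage(app))
```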
These permission pop-up messages appear in English, Korean, French, Japanese, German, and Hindi, so McAfee researchers believe the countries where these languages are spoken are also targeted.
Among other things, XLoader can steal people’s photos, send SMS messages, exfiltrate existing SMS messages to third-party servers, export contact lists, and obtain device IDs.
Via BleepingComputer