Android malware impersonates Chrome to steal data

by nativetechdoctor

Malware distributed via SMS messages containing shortened links can steal information from Android phones once it is activated.

Malicious applications are always a threat to mobile devices, especially on Android, where users can easily install software from any source they want. According to Bleeping Computer, a new version of the XLoader malware (also known as MoqHao) is attacking devices running Google’s operating system.

MoqHao has appeared in the US, UK, Germany, France, Japan, Korea, and Taiwan. The malicious code is spread via SMS messages containing a shortened link to another address. When the user clicks on it and installs the program, XLoader is immediately activated. The malicious code can run in the background, stealing many types of user data without being detected by the system or the victim.

According to McAfee, once the malicious application is installed on the device, its suspicious activities are carried out automatically. The security firm has reported the program’s distribution and attack methods to Google and is working with it to prevent and reduce the harmful effects of self-executing malware on future Android versions.

To deceive the user, the program displays a permission request that impersonates the Google Chrome browser, asking for permission to send and view SMS messages as well as permission to run in the background.

The permission request is sent from a fake Chrome whose name uses misspelled characters to avoid the copyright-scanning security system.

It even asks for permission to let “Chrome” become the default SMS messaging client on the device. When the user fully agrees, XLoader steals photos, messages, contacts… and a lot of information about the device’s hardware, and sends them to a remote control server.

Security experts assess that the victim needs only a few minimal interactions to grant the permissions that let the malware operate, which makes the new XLoader much more dangerous than its predecessors. The Android publisher has collaborated with security companies to address the vulnerability, making devices with Google Play Protect enabled safer from attacks. Therefore, they advise users not to click on strange links sent to their phones and not to install applications from unknown sources.
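The impersonation described above can be checked for in an inventory of installed apps: a label that reads as Chrome once look-alike characters are folded, a package that is not Chrome's, and SMS access. This is an added example, not code from the article, McAfee or Google; the look-alike map, the edit-distance threshold of 1, the inventory format and every sample entry are assumptions constructed for illustration.

```python
import unicodedata

GENUINE_PACKAGES = {"com.android.chrome"}  # assumption: only this package may be labelled Chrome
BRAND = "chrome"
SMS_PERMISSIONS = {"android.permission.READ_SMS", "android.permission.SEND_SMS",
                   "android.permission.RECEIVE_SMS"}
# Illustrative (not exhaustive) look-alike map: Cyrillic letters and digits -> Latin.
CONFUSABLES = str.maketrans({"\u0441": "c", "\u04bb": "h", "\u043e": "o",
                             "\u0435": "e", "0": "o", "3": "e"})

def skeleton(label):
    """Fold case, compatibility forms and look-alikes; drop marks, spaces, hidden chars."""
    text = unicodedata.normalize("NFKD", label).casefold().translate(CONFUSABLES)
    return "".join(ch for ch in text if ch.isalnum())

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_app(app):
    """Return the reasons an installed app looks like a Chrome impersonator."""
    if app["package"] in GENUINE_PACKAGES or edit_distance(skeleton(app["label"]), BRAND) > 1:
        return []
    reasons = [f"label {app['label']!r} imitates Chrome under package {app['package']}"]
    sms = sorted(SMS_PERMISSIONS & set(app["permissions"]))
    if sms:
        reasons.append("requests SMS permissions: " + ", ".join(sms))
    if app.get("default_sms"):
        reasons.append("holds the default SMS app role")
    return reasons

# Constructed inventory (not real telemetry); package names other than Chrome's are placeholders.
INVENTORY = [
    {"label": "Chrome", "package": "com.android.chrome", "permissions": [], "default_sms": False},
    {"label": "\u0421hr\u043eme", "package": "com.example.placeholder1", "default_sms": True,
     "permissions": ["android.permission.READ_SMS", "android.permission.SEND_SMS"]},
    {"label": "Chrme", "package": "com.example.placeholder2", "permissions": [], "default_sms": False},
    {"label": "Messages", "package": "com.example.sms", "default_sms": False,
     "permissions": ["android.permission.READ_SMS"]},
]

def scan(inventory):
    """Map each flagged package name to its list of reasons."""
    return {a["package"]: r for a in inventory if (r := flag_app(a))}

if __name__ == "__main__":
    for package, reasons in scan(INVENTORY).items():
        print(package, *reasons, sep="\n  - ")
```

The genuine Chrome entry and the ordinary SMS app pass unflagged; the two look-alike labels are reported, the first with its SMS permissions and default-SMS role.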
