Jackson Thornton Technologies News + Updates

Jackson Thornton Technologies has been serving the Southeast since 1999, providing IT consulting and managed services, technical helpdesk support, cybersecurity assessments, and business continuity and disaster recovery to small and medium-sized businesses.

XLoader Android Malware Runs in the Background and Steals Your Data

XLoader Android Malware Runs in the Background and Steals Your Data

Mobile malware isn’t common, but it’s growing increasingly more so. You may have heard of a malware called XLoader, which has been used to victimize people in over seven countries. This mobile threat has seen various iterations over the past several years, but you should be especially concerned these days.

This threat targets Android devices, and since Android makes up a significant portion of the smartphone market share, there is no shortage of victims to be had. Android malware typically works when the file is opened by the user, and it cannot run in the background until it has been. However, XLoader is a bit different and—admittedly—scarier in how it operates. 

It can actually launch itself automatically, which is a major problem.

Not only can it launch itself automatically under the right circumstances, but it can also run in the background, allowing it to do all kinds of malicious things. XLoader can extract data from any infected device. Some of this data includes potentially sensitive files such as photos, text messages, contact lists, hardware information, and so on.

The threat was first discovered by security company McAfee, which reported that the threat spreads through shortened URLs in phishing text messages. The user has a harder time identifying potentially malicious URLs when it’s condensed into a shortened one, and when the user clicks on the link, they are taken to a download for an Android APK file. These files are typically used to sideload an app without downloading them directly from the Play Store. When users install the app, they infect their Android device with the threat.

To keep itself hidden from the user, the app will impersonate Google Chrome and request permissions that it does not need, like accessing text messages and running in the background. The user will then assign it to be the default SMS app, further enabling its debauchery. XLoader can extract even more phishing messages and malicious links from Pinterest profiles, sending the links to the infected smartphone so that it can remain undetected.

The wild part of this is that the threat uses hard-coded phishing messages to trick the user into clicking on malicious links under the guise of bogus allegations of bank fraud. It only resorts to this if it cannot access Pinterest, however, but the fact that it has a failsafe makes this threat very sophisticated.

A good way to limit your exposure to potential mobile threats like XLoader is to exclusively download reputable apps from the app store and avoid sideloading whenever possible. You should also enable Google Play Protect if it’s not already enabled.

To make sure it’s on, open the Google Play Store app. At the top right, tap the profile icon. Tap Play Protect and then Settings. Ensure Scan apps with Play Protect is on.

For more updates on the latest threats and vulnerabilities, be sure to keep an eye on our blog.

3 IT Metrics to Pay Attention To
Did You Know? Big Tech Companies Don’t Care About ...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Sunday, 22 December 2024

Captcha Image

Request a Consultation

Jackson Thornton Technologies strives to provide the best comprehensive IT, Computer, and Networking services to small businesses. We can handle all of your organization's technology challenges.

Contact Us
Contact Us

Learn more about what Jackson Thornton Technologies can do for your business.

200 Commerce Street ,
Montgomery, Alabama 36104

Call us: (877) 226-9091

News & Updates
Jackson Thornton Technologies (JTT) is pleased to announce its expansion to a third office located in Auburn, Alabama. This new office will allow JTT to provide additional services in the East Alabama market including cybersecurity reviews, training ...