Security researchers have detected new Android malware that does not need any user interaction to launch. To become fully operational and carry out the tasks it was designed for, however, it still needs the victim's approval.
McAfee cybersecurity researchers said they observed a new version of XLoader, a well-known Android malware family that has previously been used to steal sensitive user information from victims in the US, UK, Germany, France, Japan, South Korea and Taiwan. This new variant is distributed in the same way as its predecessors: via an SMS message containing a shortened URL that leads to a website hosting the malicious .APK file.
The key difference, however, comes after installation: the victim does not need to open the new variant, because it starts automatically and stealthily. Google has already been alerted and is working on a fix. "While the app is installed, its malicious activity begins automatically," McAfee said. "We have already reported this technique to Google and they are already working on implementing mitigations to prevent this type of autorun in a future version of Android."
Asking for permissions
But simply running is not enough, as the app still needs sensitive permissions before it can start stealing data. To trick victims into granting them, the malware is named "Chrome", but the name is built from Unicode look-alike characters, so the app's displayed name and source will look slightly off, which should be enough of a red flag. If that does not set off any alarm bells, the permissions the app asks for should: it requests the ability to send SMS messages and read SMS content, and to be allowed to run in the background at all times.
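As an added example, not code from the article or from McAfee's report, the Python triage heuristic below flags installed apps whose label folds to a known brand name only after Unicode normalisation and homoglyph substitution, and that also request the SMS permissions described above. The app inventory, the homoglyph table, the brand list and the use of REQUEST_IGNORE_BATTERY_OPTIMIZATIONS as the "always run in the background" permission are all constructed assumptions.

```python
import unicodedata

# Constructed inventory of installed apps, in the shape a device-management
# or triage export might produce. Not real data from the article.
SAMPLE_APPS = [
    {"label": "Chrome", "package": "com.android.chrome",
     "permissions": ["android.permission.INTERNET"]},
    {"label": "\u0421hrome", "package": "com.upd.svc",  # Cyrillic capital Es
     "permissions": ["android.permission.SEND_SMS",
                     "android.permission.READ_SMS",
                     "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"]},
    {"label": "\uff23\uff48\uff52\uff4f\uff4d\uff45",  # full-width "Chrome"
     "package": "com.foo.bar",
     "permissions": ["android.permission.RECEIVE_SMS"]},
    {"label": "Messages", "package": "com.example.sms",
     "permissions": ["android.permission.SEND_SMS",
                     "android.permission.READ_SMS"]},
]

# Minimal homoglyph table (assumed): Cyrillic letters that render like Latin.
CONFUSABLES = {"\u0421": "C", "\u0441": "c", "\u0435": "e", "\u043e": "o",
               "\u0440": "p", "\u0430": "a", "\u0445": "x", "\u0456": "i"}

SMS_PERMS = {"android.permission.SEND_SMS", "android.permission.READ_SMS",
             "android.permission.RECEIVE_SMS"}

# Brand label -> package that legitimately owns that label (assumed).
BRANDS = {"chrome": "com.android.chrome"}


def skeleton(label):
    """Fold compatibility forms (full-width etc.) and homoglyphs to plain text."""
    folded = unicodedata.normalize("NFKC", label)
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded).lower()


def assess(app):
    """Return the list of findings for one app record, in a fixed order."""
    findings = []
    sk = skeleton(app["label"])
    if sk != app["label"].lower():          # label only matches after folding
        findings.append("non-ascii-label")
    if sk in BRANDS and app["package"] != BRANDS[sk]:
        findings.append("brand-spoof")      # brand name, wrong package
    if SMS_PERMS & set(app["permissions"]):
        findings.append("sms-permissions")
    return findings


def flag_suspicious(apps):
    """Apps that both impersonate a brand and request SMS access."""
    return [a for a in apps
            if {"brand-spoof", "sms-permissions"} <= set(assess(a))]
```

A legitimate SMS client is reported with `sms-permissions` only, so it is not flagged; the combination of a spoofed brand label and SMS access is what triggers `flag_suspicious`.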
Because the pop-up messages requesting these permissions are available in English, Korean, French, Japanese, German and Hindi, McAfee researchers believe the corresponding countries are also targets.
Among other things, XLoader can steal the victim's photos, send SMS messages, exfiltrate existing SMS messages to a third-party server, export contact lists, capture device identifiers, and more.
Via BleepingComputer