New version of Xloader virusDeveloped for devices AndroidIt can work alone after installing it on the cell phone. The virus was discovered last week, and it works as follows: After spreading via SMS and malicious APK files, the virus starts running in the background on the cell phone. After installation, Steals data It intercepts tokens used for two-factor authentication in applications.
Read also: It's not just about deleting apps: if you want to clean your Android phone, do it!
Via text message, the virus is sent as if it were a new Google Chrome update. Upon downloading, the infected software continues to use Google's name to request permission from the user. Thus, by allowing it to run in the background and managing the receipt of SMS, the virus will start working on the user's cell phone.
The new version of XLoader was announced by McAfee, a virtual security company. According to the company, Google stated that it has already taken additional protection measures to prevent malware from running automatically on Android devices. It is expected that native protection will be provided in operating system updates.
Viruses work independently
Unlike other viruses, the new version of XLloader works “alone”. Therefore, it is not necessary to run the APK so that the virus can install itself on the cell phone. Since it is distributed as an update to the Google Chrome browser, ordinary users think they are updating the application. By accessing the SMS box, the virus is able to communicate with its control servers.
In this way, user information is sent to the servers, while new commands are received. According to McAfee, responsibility for the criminal activities lies with the Roaming Mantis group. The criminal group targets banks and fintech companies, and has already been blamed for attacks in Europe, the United States and Japan.
To control the virus, Pinterest is used to send commands. To do this, criminals can access specific pages that allow them to specify URLs, from which commands are given to viruses. Finally, the virus can also collect data from devices, such as IMEI number, serial number, phone number, and access photos and media files.
“Web geek. Wannabe thinker. Reader. Freelance travel evangelist. Pop culture aficionado. Certified music scholar.”