Automated execution capabilities gained by new XLoader malware variants

BleepingComputer reports that updated variants of the Android malware XLoader, also known as MoqHao, that allowed automated execution after installation have emerged. Attacks with the new XLoader variants commence with the delivery of SMS messages that include a shortened URL, which when clicked would download a malicious Android APK file that automatically begins malicious activity following its installation, a report from McAfee showed. Such APKs have been obfuscated to resemble legitimate apps, including the Google Chrome browser, to lure victims into permitting SMS delivery and access, background app operation, and other risky permissions. Further examination of the new XLoader versions revealed their execution of custom phishing attacks through notification channels, which would then be followed by phishing message and URL extraction from Pinterest profiles. Researchers also noted that XLoader could execute 20 commands, including those allowing photo and SMS message transmission to attackers' control server, as well as device identifier exfiltration.