They are distributed from polluted DNS domains that send a notification to an unknowing victim’s device. The malicious apps can steal personally identifiable and financial data and install additional apps. XLoader can also hijack the infected device and sports self-protection/persistence mechanisms through device administrator privileges.
XLoader appears to target South Korea-based banks and game development companies. It also prevents victims from accessing the device's settings or using a known antivirus (AV) app in the country.
XLoader will not download malicious apps if the Android device uses a mobile data connection. Nevertheless, Trend Micro advises users to practice proper security hygiene to mitigate threats that may take advantage of a home or business router’s security gaps and to also employ stronger credentials.