Android malware impersonates Chrome to steal data

Malicious apps are a constant threat to mobile devices, especially on Android, where users can easily install software from any location they want. According to Bleeping Computer , a new version of the XLoader malware (also known as MoqHao) is attacking devices running Google's operating system.

MoqHao has appeared in the US, UK, Germany, France, Japan, South Korea and Taiwan. This malware spreads via SMS messages containing shortened links to another address. When users click on it and install the program, XLoader is immediately activated. The malware has the ability to run hidden, stealing many types of user data without being detected by the system or the victim.

According to McAfee, when the malicious application is installed on the device, suspicious activities will be carried out automatically. The security company has reported the program's propagation and attack methods to Google, coordinating to prevent and reduce the damage of self-executing malware on future versions of Android.

To "trick" users, the program will send a notification requesting permission to impersonate the Google Chrome browser to be allowed to send and view SMS messages as well as the right to run in the background.

It even asks for permission to make Chrome the default SMS messaging app on the device. Once the user agrees, XLoader will steal and send photos, messages, contacts... and a lot of information about the device's hardware to a remote control server.

Security experts estimate that it only takes a few minimal interactions for the victim to grant permission to be able to execute the operation, making the new XLoader much more dangerous than its predecessors. The Android publisher has coordinated with the security company to handle the vulnerability, helping devices with Google Play Protect enabled to be safer from attacks. Therefore, they recommend that users do not click on strange links sent to their phones and absolutely do not install applications from unknown addresses.