Android malware impersonating Chrome can steal your photos, passwords and chats without opening them | Technology News

Security researchers at McAfee have discovered a new variant of the infamous XLoader malware that can automatically run itself and steal sensitive information from Android devices.

To protect yourself, make sure you have turn on Google Play Protect. (Image Source: Pixabay)

Cybersecurity experts recently unveiled a new version of the Android XLoader malware that can automatically execute itself without user interaction. Developed by a threat actor called ‘Roaming Mantis’, the malware’s primary distribution method is via an SMS text that includes a shortened URL, clicking on which opens a page where users are prompted to download an Android installation file (APK) for a mobile app.

According to a recent report by BleepingComputer, researchers at McAfee have reported that the new variant of the XLoader malware can automatically launch itself after installation. It disguises itself as ‘Chrome’ with an italic r and asks users to let the app always run in the background. XLoader also requests users to set itself as the default SMS app with prompts in various languages like English, French, Japanese, Hindi and German.

You have exhausted your
monthly limit of free stories.

Read more stories for free
with an Express account.

Now subscribe at a special discount of 15% Use Code: ELECTION15

This premium article is free for now.

Register to read more free stories and access offers from partners.

Now subscribe at a special discount of 15% Use Code: ELECTION15

This content is exclusive for our subscribers.

Subscribe now to get unlimited access to The Indian Express exclusive and premium stories.

The prompts are shown in various languages including Hindi. (Image Source: McAfee)

While McAfee has already reported the new XLoader malware to Google, the ability to automatically perform malicious actions allows it to steal sensitive information like passwords, texts, photos, contacts and hardware information like IMEI, SIM and serial number of the device.

To prevent XLoader from infecting your Android device, make sure Google Play Protect is enabled on your device. While the service is enabled by default on most Android devices that come with Google services preinstalled, some users might have disabled it to use apps deemed malicious by the service.

If you have disabled the feature for some reason and want to re-enable it, launch Google Play Store on your device, tap on your profile picture from the top right of the scree, click on ‘Play Protect’ and on the screen that appears, tap on ‘Turn on’.