Malicious applications are always a threat to mobile devices, especially on Android, where users can easily install software from any source they want. According to Bleeping Computer, a new version of the XLoader malware (also known as MoqHao) is attacking devices running Google's operating system.
The malware will execute itself after impersonating Google Chrome to request user access permissions.
MoqHao has previously appeared in the US, UK, Germany, France, Japan, South Korea, and Taiwan. This malware spreads via SMS messages containing shortened links to another address. When users click on the link and install the program, XLoader is immediately activated. The malware is capable of running stealthily, stealing various types of user data without being detected by the system or the victim.
According to McAfee, once the malicious application is installed on a device, suspicious activities are carried out automatically. The security firm has reported the program's distribution and attack methods to Google, collaborating to prevent and mitigate the harm of this type of self-executing malware on future versions of Android.
To trick users, the program impersonates the Google Chrome browser and sends notifications requesting permission to send and view SMS messages, as well as to run in the background.
The permission request is sent from a fake Chrome browser with misspelled characters to bypass copyright scanning security systems.
It even requests permission to make "Chrome" the default SMS messaging application on the device. Once the user agrees, XLoader steals photos, messages, contacts, and hardware information and sends them to a remote control server.
Security experts assess that only minimal interaction is needed for the victim to grant permission, making the new XLoader far more dangerous than its predecessors. The Android publisher has collaborated with security companies to address the vulnerability, making devices with Google Play Protect enabled safer from attacks. The experts therefore advise users not to click on suspicious links sent to their phones and never to install applications from unknown sources.
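The combination described above (a Chrome look-alike label, SMS permissions, and a request to become the default SMS app) can be checked in an app inventory exported from a device or MDM. The following is an added example, not code from McAfee, Google, or the original article; the inventory fields, the look-alike character map, and the sample apps are assumptions constructed for illustration.

```python
import unicodedata

GENUINE_PACKAGE = "com.android.chrome"  # package name of the real Chrome
SMS_PERMISSIONS = {"android.permission.READ_SMS", "android.permission.SEND_SMS",
                   "android.permission.RECEIVE_SMS"}
# Assumption: a small hand-picked map of look-alike characters, not a full table.
LOOKALIKES = str.maketrans({"\u0421": "c", "\u0441": "c", "\u04bb": "h",
                            "\u043e": "o", "\u03bf": "o", "0": "o", "\u0435": "e"})

def skeleton(label):
    """Reduce a display label to a comparable form with look-alikes folded."""
    text = unicodedata.normalize("NFKD", label)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = text.translate(LOOKALIKES).casefold()
    return "".join(ch for ch in text if ch.isalnum())  # drops spaces, zero-width chars

def find_fake_chrome(apps):
    """Return (package, reasons) for apps that look like Chrome but are not."""
    findings = []
    for app in apps:
        if skeleton(app["label"]) != "chrome" or app["package"] == GENUINE_PACKAGE:
            continue
        reasons = ["label imitates Chrome under a different package name"]
        if app["label"].casefold() != "chrome":
            reasons.append("label uses substituted characters")
        sms = sorted(SMS_PERMISSIONS & set(app["permissions"]))
        if sms:
            reasons.append("requests SMS permissions: " + ", ".join(sms))
        if app.get("default_sms"):
            reasons.append("set as default SMS app")
        findings.append((app["package"], reasons))
    return findings

# Constructed sample inventory (not real device data); package names are placeholders.
SAMPLE_APPS = [
    {"package": "com.android.chrome", "label": "Chrome",
     "permissions": ["android.permission.INTERNET"], "default_sms": False},
    {"package": "com.example.placeholder", "label": "\u0421hrome",  # Cyrillic first letter
     "permissions": ["android.permission.READ_SMS", "android.permission.SEND_SMS"],
     "default_sms": True},
    {"package": "com.example.messages", "label": "Messages",
     "permissions": ["android.permission.READ_SMS"], "default_sms": False},
]

if __name__ == "__main__":
    for package, reasons in find_fake_chrome(SAMPLE_APPS):
        print(package, "->", "; ".join(reasons))
```

A matching package name alone does not prove an app is genuine; verifying the signing certificate is outside the scope of this example.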