Cybersecurity analysts have revealed a recent iteration of the Android XLoader malware, which autonomously initiates without user intervention. Dubbed ‘Roaming Mantis’ by threat actors, it spreads primarily through SMS texts containing shortened URLs. Clicking on these links leads users to a webpage urging them to download an Android APK file for a mobile application.
Per a recent BleepingComputer report, McAfee researchers have noted that the latest iteration of XLoader malware is capable of self-launching post-installation. It masquerades as ‘Chrome,’ with an italicized ‘r’, prompting users to grant it perpetual background operation. Additionally, XLoader asks users to designate it as the default SMS app, presenting prompts in multiple languages such as English, French, Japanese, and German.
McAfee has already alerted Google about the new XLoader android malware. Its capacity for autonomous malicious activity enables it to pilfer sensitive data such as passwords, texts, photos, contacts, as well as hardware information like IMEI, SIM, and device serial numbers.
To protect your Android device from XLoader infection, ensure that you have enabled Google Play Protect. While most Android devices with preinstalled Google services have this service enabled by default, some users may have disabled it to use apps that the service deems malicious.
If you’ve disabled the feature for any reason and wish to re-enable it, open the Google Play Store on your device. Then, tap on your profile picture at the top right of the screen, followed by selecting ‘Play Protect’. On the ensuing screen, tap on ‘Turn on’.