New Version of XLoader That Disguises as Android Apps and an iOS Profile Holds New Links to FakeSpy
By Hara Hiroaki, Lilang Wu, and Lorin Wu

In previous attacks, XLoader posed as Facebook, Chrome, and other legitimate applications to trick users into downloading its malicious app. Trend Micro researchers found a new variant that uses a different lure. This new XLoader variant poses as a security app for Android devices, and uses a malicious iOS profile to affect iPhone and iPad devices. Aside from the change in its deployment techniques, a few changes in its code set it apart from previous versions. This newest variant has been labeled XLoader version 6.0 (detected as AndroidOS_XLoader.HRXD), following the last version discussed in previous research on the malware family.

Infection chain

The threat actors behind this version used several fake websites as their hosts, in particular copying a Japanese mobile phone operator's website, to trick users into downloading the fake security Android application package (APK). Monitoring efforts on this new variant