Complex malware is continuously being developed by hacking groups worldwide, and the most capable families go through numerous incarnations. The infamous XLoader Android and iOS spyware has been found infecting users in a new attack campaign that spreads a new version. The new release is distinct in that it uses a complex distribution strategy to reach its intended targets.
XLoader Android and iOS Spyware Upgraded With New Features
The spyware is being released by an unknown criminal collective against mobile users worldwide, targeting both Android and iOS. What is distinct about the threat is that a separate distribution strategy is used for each platform:
- Android — The Android version poses as legitimate security software and is spread both through hacker-made sites and through the Google Play store, backed by fake user reviews. The application is delivered in a standard installer package (APK file).
- iOS — In this case the victims are led to a specially crafted site which redirects them to another address. That page prompts the user to install a malicious iOS configuration profile using a common phishing pretext: convincing them that their device has a network connectivity issue. Installing the profile not only delivers the XLoader malware but also redirects the user to an Apple phishing site designed to trick them into revealing their credentials.
What is interesting about this threat is that many unorthodox tactics are used to reach a larger number of potential victims. In the case of the Android version, the criminal collective has been found to abuse Twitter user profiles for its C&C operations. Both the Android and iOS versions can also gather extensive information, including all kinds of hardware parameters and data that can identify the device owner. The spyware can launch numerous malicious actions against infected devices, including the deployment of Trojans, ransomware and other malware. The criminal collective behind it has clearly gone to great lengths to deliver it to the intended victims.
At the moment the XLoader Android and iOS spyware appears to focus on the delivery of fake banking and gaming apps. This means the criminal collective can offer the malware as a conduit for various advanced infiltration campaigns on underground markets. Since the threat is continuously developed, we presume that the hackers behind it are experienced.