
XLoader

Posted: March 28, 2006

Threat Metric

Threat Level: 7/10
Infected PCs: 49
First Seen: July 24, 2009
Last Seen: May 6, 2019
OS(es) Affected: Windows

XLoader is spyware that attacks Android and Apple device users. XLoader uses social networking platforms for its C&C, as well as for tricking victims into compromising their devices and giving away their confidential information. Victims should disinfect their systems with an anti-malware solution that's capable of uninstalling XLoader before re-securing their accounts.

Spying that Goes Heavy on the Social Engineering

XLoader is a long-term, evolving threat with some elements that go back as far as 2015, although, in its current form, the cyber-security industry has been analyzing its ongoing campaigns for roughly a year. Some of the newest releases of XLoader are notable for branching into slightly different attack methods for entirely different device environments, although the goals remain consistent: XLoader tricks users into infecting their devices and then solicits information that the threat actors collect promptly.

XLoader's Android tactic isn't that different from the attacks of Gustuff: like that banking Trojan, XLoader circulates with the help of threat actors delivering SMS messages that imitate Chrome browser notifications or Facebook. The most recent version of XLoader poses as a 'security package' while pretending to come from a Japanese mobile phone company. Any interaction from the user prompts the harmful download of XLoader, which can capture messaging information, record through the camera or microphone, and collect information through other methods.

Malware researchers have confirmed that XLoader uses a different exploit for its new, Apple device-based fork, which targets iPhones and iPads. This build of XLoader's dropper mimics a profile configuration error that contains a website redirection, concealing the destination with a traditional 'hxxp'-style obscuring of the link. The domain imitates an Apple login page in order to capture the user's credentials immediately.

Putting an X over the XLoader's Growth Charts

Besides tricking users into harming their privacy and device security, XLoader uses social media platforms for its 'invisible' backend, as well. XLoader's Command & Control (C&C) servers abuse Twitter, Instagram, and Tumblr profiles for encoding and conveying the details of any hacked devices, such as Android IDs or Apple's unique identifiers and version numbers. As a general precaution, malware experts advise disabling any network connectivity on infected devices, since remote attackers could otherwise collect information from them or control them.

Cultivating a familiarity with archetypal SMS messaging tactics can keep users from falling for 'obvious' ploys, such as prompts to install updates from copycat websites. Android includes additional protection against downloads from unknown sources by default. Most attacks are preventable by avoiding links from strangers and not giving away logins without verifying a site's authenticity, and most anti-malware products for these device environments should identify and stop or delete XLoader.

XLoader involves a creative misuse of social tactics for the orthodox goal of harvesting passwords. Tablet and phone owners shouldn't forget that they are not necessarily at any less risk than the average desktop 'power user' when it comes to holding valuable information that's worth collecting.
