Date: 2024-12-02

They are distributed from polluted DNS domains that send a notification to an unknowing victim’s device. The malicious apps can steal personally identifiable and financial data and install additional apps. XLoader can also hijack the infected device and sports self-protection/persistence mechanisms through device administrator privileges.

XLoader appears to target South Korea-based banks and game development companies. XLoader also prevents victims from accessing the device’s settings or using a known antivirus (AV) app in the country.

XLoader will not download malicious apps if the Android device uses a mobile data connection. Nevertheless, Trend Micro advises users to practice proper security hygiene to mitigate threats that may take advantage of a home or business router’s security gaps and to also employ stronger credentials.