XLoader is a malicious Android app that was observed targeting Japan, Korea, China, Taiwan, and Hong Kong in 2018. [1]

ID: S0318
Platforms: Android
Version: 1.1
Created: 17 October 2018
Last Modified: 11 December 2018

Techniques Used

| Domain | ID | Name | Use |
|--------|-------|------|-----|
| Mobile | T1401 | Abuse Device Administrator Access to Prevent Removal | XLoader requests Android Device Administrator access.[1] |
| Mobile | T1429 | Capture Audio | XLoader covertly records phone calls.[1] |
| Mobile | T1412 | Capture SMS Messages | XLoader collects SMS messages.[1] |
| Mobile | T1406 | Obfuscated Files or Information | XLoader loads an encrypted DEX code payload.[1] |