Technology
Beware of a new Android threat targeting your photos and texts without even opening them
What is malware?
Kurt ‘CyberGuy’ Knutsson discusses how to protect yourself from malware and ransomware.
Another day, another malware threat is trying to get your data.
Well, brace yourself, because there’s a virus that’s been around for a while that’s out there that’s gotten even worse.
It’s called XLoader, and it’s after your photos and texts on your Android device. Yes, you heard that right.
Your precious memories and messages are in danger of being snatched by this malicious software.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS, AND EASY HOW-TO’S TO MAKE YOU SMARTER
Android phone. (Kurt “CyberGuy” Knutsson)
What is malware?
Malware is technically any software that’s designed to disrupt the system of its intended target. With malware, the person or entity behind the attack can gain access to your data, leak sensitive information, block you out and take control of other aspects of your privacy and security.
MORE: TIPS TO FOLLOW FROM ONE INCREDIBLY COSTLY CONVERSATION WITH CYBERCROOKS
What is the XLoader malware strain?
According to McAfee, the XLoader malware — also known as MoqHao — has been around since 2015, targeting Android users in the U.S., Europe and Asia. Once it’s on your device (which it’s gotten much better at doing), it’s able to run in the background, taking your sensitive data, whether it be photos, text messages, contact lists, hardware details and more.
Hacker typing on a laptop. (Kurt “CyberGuy” Knutsson )
MORE: BEWARE OF NEW ANDROID MALWARE HIDING IN POPULAR APPS
How does XLoader get onto your device?
One of the reasons XLoader is such a major threat is because, unlike its previous strains and other malware, it can get on your device that much easier than before. Generally, malware gets onto your device via a phishing scam. However, because people are more skeptical about opening or clicking on suspicious files or links — and because there are integrated apps that help warn you of these files — it’s more difficult for these traditional phishing scams to be effective, but XLoader has gotten clever.
First, you receive a text from an unknown sender
Like ordinary malware, XLoader often spreads through malicious links sent via text messages. This is a unique type of phishing scam known as “smishing.” However, scammers are aware that most people don’t click on texts from people they don’t know. So, another way they attempt to be successful at this is by first gaining access to a phone number that has your number in their contacts, and they target you that way. You won’t think twice when you receive a text from someone you know. Once it gets past this step, XLoader can get onto your Android device in two ways:
1: You click on the link which leads to downloading the APK file
Next, the unsuspecting victim would see a link in the text message. The link may look less suspicious than typical malware links because they are typically shortened and look less spammy and more legitimate, like a link that someone you know would send you.
A RANSOMWARE REALITY CHECK AS US IS A TOP TARGET OF ATTACKS
If you end up clicking on this link, it will direct you to download an Android APK file (standard file format for Android), which are files that are used to sideload apps outside the official Google Play Store. This method, therefore, bypasses Google’s security measures and increases the risk of malware infections. It can happen in a matter of seconds, and if you click “install,” then the XLoader malware will be on your phone before you know it.
Once the malicious APK is downloaded and installed, XLoader can launch on its own without any further action from the user, silently running in the background and performing its malicious activities.
2: You launch the app yourself, but fall for a Google Chrome decoy
If you decide you want to launch the app directly on your own, XLoader is already there waiting for you by impersonating Google Chrome. When you click “launch,” the XLoader malware displays a very familiar-looking Chrome pop-up that will first ask you to grant it permissions by clicking “allow” or “deny.” If you click “Allow” (thinking it’ll lead you to the “app”), you’ll be unknowingly giving it access to your SMS.
Afterward, it will even display a pop-up that says, “Choose Chrome to prevent spam,” giving you two options — your default SMS app or Chrome. Because these decoy pop-ups replicate Google’s style completely, it gives the user a false sense of security that it can be trusted.
Once it’s there, it can grab your photos, texts and other sensitive data on your Android, most of the time, without you even realizing it.
Google Chrome decoy. (McAfee)
6 ways to protect your Android from XLoader and other malware
Now that you know what XLoader is and how it gets onto your Android device, be sure not to click on any links in text messages that are unusual. If the text came from someone in your contacts, reach out to them directly (via phone call or messaging on another app) and confirm that they meant to send you it before clicking on it. Here are some other ways to protect yourself from XLoader and other malware attempts.
1. Avoid sideloading apps and shortened URLs: Refrain from sideloading apps (installing apps from unofficial sources) and clicking on shortened URLs in messages, as these are common vectors for malware distribution.
2. Be careful granting permissions: Exercise caution when granting permissions to apps. The question is whether an app truly needs access to certain device functions or data.
3. Limit the apps you have on your phone: Sometimes, having a lot of apps on your phone can make it easy for you to be exposed to malware. These apps can let in malicious code over time, and the more apps you have to keep track of and update, the more likely your Android will be vulnerable.
4. Only download reputable apps: Additionally, when you download apps, make sure they are from reliable and legitimate developers. Check reviews and do some research before just hitting “install.”
5. Don’t neglect software updates: Your phone has a way of keeping itself safe with software and security updates. Don’t forget to do them.
6. Have good antivirus software on all your devices: The best way to protect yourself from malware like this Xloader virus is to install antivirus protection on all your devices. Having antivirus software on your devices will make sure you are stopped from clicking on any potential malicious links that may install malware on your devices, allowing hackers to gain access to your personal information. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
Kurt’s key takeaways
Malware is, unfortunately, inevitable. As we become more educated about how to prevent these threats, the hackers creating them are always working on ways to outsmart us, while the malware itself becomes more sophisticated. This new strain of XLoader is just one example of that. And, while it’s currently focused on targeting Android users, it’ll likely be just a matter of time before it begins targeting Macs and other devices.
The best way to protect yourself, therefore, is to stay up-to-date with the latest cybersecurity trends and ensure your devices have good antivirus protection. Additionally, continue best practices for protecting yourself from suspicious links and downloads.
How stressed are you these days with malware like XLoader or other types of viruses trying to steal your data? Should more be done to stop these crooks? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover.
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
Microsoft Edge is adding a new feature that will allow its Copilot AI chatbot to gather information from all of your open tabs. When you start a conversation with Copilot, you can ask the chatbot questions about what’s in your tabs, compare the products you’re looking at, summarize your open articles, and more.
In its announcement, Microsoft says you can “select which experiences you want or leave off the ones you don’t.” The company is retiring Copilot Mode as well, which could similarly draw information from your tabs but offered some agentic features, like the ability to book a reservation on your behalf. Microsoft has since folded these agentic capabilities into its “Browse with Copilot” tool.
Several other AI features are coming to Edge, including an AI-powered “Study and Learn” mode that can turn the article you’re looking at into a study session or interactive quiz. There’s a new tool that turns your tabs into AI-powered podcasts as well, similar to what you’d find on NotebookLM, and an AI writing assistant that will pop up when you start entering text on a webpage.
You can also give Copilot permission to access your browsing history to provide more “relevant, high-quality answers,” according to Microsoft. Copilot in Edge on desktop and mobile will come with “long-term memory” as well, which can tailor its responses based on your previous conversations. And, when you open up a new tab, you’ll see a redesigned page that combines chat, search, and web navigation, along with the Journeys feature, which uses AI to organize your browsing history into categories that you can revisit.
Meanwhile, an update to Edge’s mobile app will allow you to share your screen with Copilot and talk through the questions about what you’re seeing. Microsoft says you’ll see “clear visual cues” when Copilot is active, “so you know when it’s taking an action, helping, listening, or viewing.”
NEWYou can now listen to Fox News articles!
If you bought a newer iPhone because Apple made Siri sound like it was about to become your personal artificial intelligence sidekick, you may want to pay attention.
Apple has agreed to pay $250 million to settle a class-action lawsuit over claims that it misled customers about new Apple Intelligence and Siri features. The case centers on the iPhone 16 launch and certain iPhone 15 models that were marketed as ready for Apple’s next wave of AI. The settlement still needs court approval, and Apple denies wrongdoing.
The lawsuit argues that Apple promoted a smarter, more personal Siri before those features were actually available. For some buyers, that was a big deal. A new iPhone can cost hundreds of dollars, and many people upgrade only when they think they are getting something meaningfully new.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
WHY IPHONE USERS ARE THE NEW PRIME SCAM TARGETS
U.S. buyers of certain iPhone 16 and iPhone 15 Pro models may qualify for payments if a judge approves Apple’s proposed settlement. (Getty Images)
What Apple is accused of promising
Apple introduced Apple Intelligence in June 2024 and promoted it as a major step forward for iPhone, iPad and Mac. A key part of that pitch was a more personalized Siri that could understand context, work across apps and help with everyday tasks in a more useful way.
The lawsuit claims Apple’s marketing made consumers believe those advanced Siri features would arrive with the iPhone 16 or soon after. Instead, buyers received phones that had some Apple Intelligence tools, but not the full Siri overhaul that many expected.
That gap is the heart of the case. Plaintiffs say customers bought or upgraded devices based on AI features that were not ready. Apple says it has rolled out many Apple Intelligence features and settled the case, so it can stay focused on its products.
How much money could iPhone owners get?
The proposed settlement creates a $250 million fund. Eligible customers who file approved claims are expected to receive at least $25 per eligible device. That amount could rise to as much as $95 per device, depending on how many people file claims and other settlement factors.
That means this will not be a huge payday for most people. Still, if you bought one of the covered phones, it may be worth watching for a claim notice. A few minutes of paperwork could put some money back in your pocket.
Which iPhones may qualify?
The proposed settlement covers U.S. buyers who purchased any iPhone 16 model, iPhone 15 Pro or iPhone 15 Pro Max between June 10, 2024, and March 29, 2025.
Covered iPhone 16 models include the iPhone 16, iPhone 16 Plus, iPhone 16 Pro, iPhone 16 Pro Max and iPhone 16e. The settlement also includes the iPhone 15 Pro and iPhone 15 Pro Max, but not every iPhone 15 model.
The key details are the device model, the purchase date and whether the phone was bought in the United States.
HOW YOU CAN GET A SLICE OF APPLE’S $250M IPHONE SETTLEMENT
Apple has agreed to pay $250 million to settle claims it misled customers about Apple Intelligence and Siri features on newer iPhones. (Michael Nagle/Bloomberg)
How will you file a claim?
You do not need to do anything immediately. The settlement still needs a judge’s approval. Once the claims process opens, eligible customers are expected to receive a notice by email or mail with instructions on how to file through a settlement website.
That notice matters because scammers love moments like this. A real settlement notice should not ask for your Apple ID password, bank login or payment to claim your money. If you receive a message about this settlement, do not click blindly. Go slowly, check the sender and look for the official settlement administrator details once they are available.
Why this case matters beyond one Siri feature
This case hits a bigger nerve. Tech companies are racing to sell AI as the next must-have feature. That creates a problem for shoppers. You are often asked to buy now based on what a company says will arrive later.
That can be frustrating when the feature is the reason you upgraded. A smarter Siri sounds useful. A phone that can understand your personal context, search across apps and help with daily tasks could save time. But if those tools are delayed, limited or missing, the value of the upgrade changes.
This settlement also sends a message about AI marketing. Companies can talk about future features, but consumers need clear timing and plain explanations. “Coming soon” can mean very different things when you are spending $800, $1,000 or more.
We reached out to Apple for comment, but did not hear back before our deadline.
FIRST 15 THINGS TO DO OR TRY FIRST WHEN YOU GET A NEW IPHONE
Apple denies wrongdoing but agreed to settle claims tied to its marketing of Apple Intelligence and Siri features. (Qilai Shen/Bloomberg)
What this means to you
If you bought a covered iPhone during the settlement period, keep an eye on your email and regular mail. You may qualify for a payment if the court approves the deal.
You should also keep your receipt or proof of purchase if you have it. Your Apple purchase history, carrier account or retailer receipt may help if the claim process asks for details.
More broadly, this is a reminder to treat AI features like any other big tech promise. Before you upgrade, ask one simple question: Can the feature do what is being advertised today, or is the company asking me to wait?
That question can save you from buying a device for a future feature that may arrive much later than expected.
Take my quiz: How safe is your online security?
Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my quiz here: CyberGuy.com.
Kurt’s key takeaways
Apple has built its brand on making technology feel polished, personal and easy to use. That is why this Siri settlement hits a nerve. People were buying phones they use every day for texts, photos, directions, reminders and everything in between. Many expected AI to make those everyday tasks easier, which is why the delay felt frustrating. The proposed payout may be modest, but the bigger issue is trust. When a company sells AI as a reason to upgrade, customers deserve to know what actually works now and what is still coming later.
Would you still buy a new phone for promised AI features, or would you wait until they actually show up? Let us know by writing to us at CyberGuy.com.
Sign up for my FREE CyberGuy Report
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Instagram is once again cribbing from competitors like Snapchat and BeReal with a new photo-sharing format it calls “Instants,” which are ephemeral photos that you can’t edit and that you can only share with your close friends or followers that follow you back. Instants are available globally beginning on Wednesday as a feature in the inbox in the Instagram app and as a separate app that’s now in testing in select countries.
To access Instants from the Instagram app, go to your DM inbox and look in the bottom-right corner for an icon or a stack of photos. After you post a photo, your friends can emoji react to it and send a reply to your DMs, but after they see it, the photo disappears for them. Instants also disappear after 24 hours, and they can’t be captured in screenshots or screen recordings.
However, your Instants will remain in an archive for you for up to a year, and you can reshare them as a recap to your Instagram Stories if you’d like. You can also undo sending an Instant right after you post it or delete it from your archive.
The Instants mobile app, which popped up in Italy and Spain in April, gives you “immediate access to the camera” and only requires an Instagram account, Instagram says. “Instants you share on the separate app will show up for friends on Instagram and vice versa. We’re trying this separate app out to see how our community uses it, and we’ll continue to evolve it as we learn more.”
Instagram, in its testing, has seen that people “tend to use Instants to share much more casual, much more authentic moments about their day,” according to Instagram boss Adam Mosseri. “And we know that this type of sharing of personal moments with friends is a core part of what makes Instagram Instagram, but we also know that a lot of people don’t really share a lot to their profile grids anymore.”
-
New York1 hour agoFlag With Swastika and Star of David Flown on N.Y.U. Building, Police Say
-
Los Angeles, Ca1 hour agoEarly morning Montebello fire leaves resident critically injured
-
Detroit, MI2 hours agoWhat big announcement at DPSCD Hall of Fame Gala could mean for Detroit students
-
San Francisco, CA2 hours agoCasting shade on shadows: S.F. supervisor seeks to bar using shadows to block new housing
-
Dallas, TX2 hours agoDallas Approves $180,500 for New Botham Jean Boulevard Street Signs
-
Miami, FL2 hours agoMiami residents sue over land for Trump presidential library
-
Boston, MA2 hours agoBoston has a secret society built on opium money in ‘The Society’
-
Denver, CO2 hours agoDenver weather: Nearing record highs again